For fifteen years, the standard advice was simple: never use public WiFi without a VPN. The concern was legitimate — open networks transmitted all traffic in cleartext, readable by anyone in radio range with a packet capture tool. Sitting in a coffee shop and watching an unencrypted HTTP session between a neighboring laptop and a banking site was technically trivial. Sniffing credentials required nothing more than Wireshark and proximity. That threat model has changed in two independent directions: the web has largely moved to HTTPS, and WPA3 introduced Opportunistic Wireless Encryption for open networks.