The Federal Trade Commission notes that wi-fi hotspots in public places like coffee shops, libraries, universities and so on, while convenient, are often unsecured, which means the information you send when you're logged in to these hotspots can be seen by others.
Short of simply not using public wi-fi hotspots, there are things you can do to protect yourself.
1. Try to confine your use of unsecured public wi-fi hotspots to web browsing rather than logging in to websites and apps that require personal information.
2. If you do need to sign in to websites using login and password information, try to only use sites that are encrypted, or that basically scramble the information submitted so that others can't see it. How do you know if it is encrypted? If there is an "s" after http at the beginning of the web address, that means it's secure. But make sure the https shows up on every page you visit, not just the page you sign in.
The good news is that many sites requiring login are consistently using https these days, like Facebook, Twitter and LinkedIn, not to mention banking and financial sites. You may notice when you go to a site like Amazon.com, initially you'll see www.Amazon.com in the browser, but a secure web address once you click the sign in page.
3. The FTC notes that mobile apps don't have a visible indicator like https and that many mobile apps don't properly encrypt information. So if you have that $100 birthday check form Aunt Hattie and want to deposit it to your Chase account using your mobile app while enjoying your Frappuccino at Starbucks, use your phone's 4G or 3G data network, not the free wi-fi.
The Federal Trade Commission has more useful tips for using public wi-fi hotspots at www.consumer.ftc.gov/articles/0014-tips-using-public-wi-fi-networks.