The problem is more than that, its people using those coffeeshop networks with a splash page they have to put a code into that for some reason people think is a way to make it secure.

There is a pretty good tool for sessionjacking (sidejacking or whatever you want to call it) that I had demo'ed to me on a open network.

Basically, someone loads facebook, you click a few things and you are in their facebook/whatever changing their profile and adding friends.

If google have a few stored frames that have some useful packets in them, no big deal. Any personal data should have been SSL, and they cant use any cookies now since it was scanned a long time ago.