You know a problem has hit the mainstream when it hits a Tuesday New York Times: My articles for the Times appears most often in Thursday's Circuits section, a time-defined region of the paper aimed at business professionals without IT backgrounds, frequent travelers, gadget freaks, and prosumers. This solid article by Susan Stellin appears in Tuesday's edition, which means that it's aimed at the general business audience. That means that VPNs have hit the mainstream, along with good advice for avoiding having your data snarfed wirelessly at hotspots.
I've been writing for years about the steps one could take to avoid snoopers intercepting unprotected passwords, email, and other session data that's not secured by a VPN or a secured SSL/TLS or SSH connection. But my articles have appeared in trade publications like Macworld and in the Personal Technology section of The Seattle Times, to name two.
A CNet editor is quoted in the article recommending that you avoid all financial transactions at, say, an airport, but that's probably condensed from longer advice. I always say that as long as your financial institution has an already-secured page on which you log in--that is, you're at https://mybank.com not http://mybank.com when you type in your account login--then you should be able to surf securely at any hotspot. (There's a known flaw in using non-secured pages for login, because evil twins and other foul Wi-Fi tools could allow a ne'er-do-well to provide a false login page with a false site to which your details are submitted. Secured Web pages for login mean that the page's security is validated by the SSL/TLS process before you type in your password.)
There's also good advice on using public computers. I have given up on that idea--keystroke loggers are too easy to install to allow any safe use of a computer you haven't vetted.