802.11 Planet conference was prime example of educated users failing to exercise even minimal encryption: AirDefense was the official security sponsor, and they earned out their sponsorship with this article. Martin Levy of RoamAD, who I had the pleasure of meeting at the conference, was visibly shaken by the open Windows shares and the lack of encryption.
It's obvious that the problem here relates to ease of securing a connection not necessarily use sophistication. I don't have a VPN at my office, but I run three chained SSH forwarding tunnels to protect POP, SMTP, and Web transactions. This is a little kludgey, but it's free, secure, and simple once I had it set up.
I've been telling Apple and anyone else who listened that setting up a user interface to allow remote workers without an IT department to securely connect back to a machine using tunneling (not even a full VPN) would be an invaluable tool.
In fact, a Mac OS X software developer could write that program easily with a server and user component. For Windows, it might be trickier, because you'd have to provide SSH or other clients which OS X features built-in, like Linux.