Suppose I'm using a WiFi connection at the airport or in a cafeteria (free WiFi), which is not password protected - I only need the SSID to connect to the network.
Then, I'm using the page with https (let's say, some banking page). Am I secure then? Can I send my password in such situation? Will it be send in clear text, or encrypted (since the page is using https)?
If your premises are correct, yes, you are protected, in that the password will be sent encrypted to the remote site.
Are your premises correct? Is that really a free WiFi offered by the airport?
It happened to me twice - once in Schiphol Airport, once on a train bound for Rome - that I found an "open free WiFi" near me. The one on the train (those trains are called FrecciaRossa, 'Red Arrow') was even called 'Freccia Rossa Free WiFi'.
Except that they were honeynets, set up by some creep and employing man-in-the-middle strategies to be able to decrypt your HTTPS connection. With some browsers, and some plugins, you are warned. Most of the time, you are not, or you're induced to disregard some low-level threat warnings ("Those dialog boxes pop up all the time, just click OK already!").
This kind of trick can be performed with devices already configured that can be bought on the Internet (just google for 'pineapple wifi', and that is one example), so it's not like you need to enter the Matrix to get pwn3d this way.
Also, on WiFis that do not offer "client isolation", several attacks are possible that just might allow both sniffing your connection and hijacking it. And you're at risk of your device being hacked, too. Some Android phones had a vulnerability that could be exploited from their local network, but a WiFi AP without client isolation is indeed your local network. Much less likely than being pineappled, because few phones are likely to be hackable, and even then, there's not much that can be profitably done to them in a short time. Of course, if you always go to the same bar, who's to say that nobody is after you specifically? How interesting a target are you?
With a passworded WiFi, at least you have to get the password from someone "official", who is unlikely to be able to say "I wasn't aware" or "it wasn't me!" when the police comes by to investigate your bank account having been drained.
Even so, check carefully what network you're connecting to and pay attention to browser warnings. It's not too difficult to go to the bar, ask their SSID and a password, then set up a different, way more powerful AP with the same SSID and password, and start reaping accounts, identities, possibly some big money every now and then. Also, once you have the SSID and password, try navigating to the router's administration page. If you can, that's a very bad sign; customer APs ought to be only reachable from a wired connection (and not the WAN, either. Not from any random IP at least). If the AP is insecurely administered, or worse yet, vulnerable to some exploit, there again safety flies out of the window.
