What, if any, functional security difference exists between having an unsecured “open” public wifi and one that uses a publicly available password? An example of the latter is: a wifi with SSID “ThePasswordIsPassw0rd” and corresponding password. Another example could be a coffee shop that has their wifi password printed on the door.
In both cases, computers can see traffic between the router and any other wifi-connected computer or, by my understanding, on the same network subnet. With wireshark or similar programs, I can see a lot of traffic between computers-that-are-not-mine. I may not be using the correct terminology, but can a third party on your network read the “handshake” between your computer and any websites or other servers with which you communicate and thereby gain a view of all data sent and received over your connection, including passwords and encryption keys with which to decode even HTTPS traffic? Does a VPN even truly circumvent these issues?
related
Does https prevent man in the middle attacks by proxy server?
Server-side man-in-the-middle/eavesdropping: attacks between two servers using unencrypted HTTP