Aha, so you missed the original quote, I'll try bolding the relevant parts this time.
Also, WPA2-Enterprise is pretty secure if you only use TLS auth, not TTLS where you use a username/password combo (too easy for a MITM)
I was specifically replying to that part, as TLS and TTLS both have the same degree of MITM vulnerability with properly configured clients.
If the server cert fails in TLS or TTLS then MITM is a possibility, you don't need the username/password or client cert to MITM a TLS connection, just the server cert.
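An added example, not part of the post above: a small audit of a wpa_supplicant configuration that flags 802.1X networks lacking server-certificate validation, applying the same check to EAP-TLS and EAP-TTLS entries. The sample configuration, SSIDs, paths and domain are constructed placeholders, and the function names are hypothetical.

```python
# Constructed sample wpa_supplicant.conf; SSIDs, paths and domain are placeholders.
SAMPLE_CONF = '''
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    client_cert="/etc/certs/user.pem"
    private_key="/etc/certs/user.key"
}
network={
    ssid="corp-ttls"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/certs/ca.pem"
    domain_suffix_match="radius.example.org"
}
'''

NAME_KEYS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(conf):
    """Return one dict of key -> value for each network={...} block."""
    nets, cur = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("network={"):
            cur = {}
        elif line == "}" and cur is not None:
            nets.append(cur)
            cur = None
        elif cur is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip().strip('"')
    return nets

def audit(conf):
    """Map SSID -> list of missing server-validation settings (empty list = OK)."""
    findings = {}
    for net in parse_networks(conf):
        if "WPA-EAP" not in net.get("key_mgmt", ""):
            continue  # not an 802.1X (WPA-Enterprise) network
        missing = []
        if "ca_cert" not in net and "ca_path" not in net:
            missing.append("no ca_cert/ca_path: server certificate is not verified")
        if not any(k in net for k in NAME_KEYS):
            missing.append("no server name match: any cert from the CA is accepted")
        findings[net.get("ssid", "?")] = missing
    return findings
```

In the constructed sample the EAP-TLS entry is the one flagged, since it has a client certificate but no `ca_cert` or name match, while the EAP-TTLS entry passes.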