Isn't it sort of obvious that hotel networks are a free-for-all security wise?
Use a VPN and SSL.
RTFA; that won't help.
The problem is that before you can connect out to use your VPN, you first have to get provisioned by the hotel's wifi. This involves at a minimum checking a box that says "I won't try to hack or do bad things," along with either authorizing a charge, giving the webpage your hotel frequent traveler info/name and room number, or authorizing a charge for the Internet access. Those pages are what put you at risk; the attacker hacks the router that serves up the page, adds a nice little bit of extra code to serve up malware (that he also uploads to the router itself, so no need for outside Internet to get it), and boom...everyone with a vulnerable system that connects in that hotel gets pwned.
And that's beyond the risk of the machine serving as a jump-point for deeper penetration into the hotel itself. How is your using a VPN going to protect the hotel's keycard system from being hacked? Or protect your private information that resides in the reservation system?