My mail server doesn't even accept imap connections, only imaps. That is one of the measures I took almost without thinking years ago when I set it up. Why even still support unencrypted imap? No good reason for that. The imap port is even closed in the firewall.
When connecting to a hotspot I prefer it to be an encrypted over-the-air connection (WPA-PSK for example), but that is often not available. Starbuck's et.al. don't do that, it's easier to connect without. No password. Just an activation code (hard enough) to get your 30 mins free wifi. That connection is unencrypted, a sniffer could probably see that I connect to my mail server or to slashdot.org or whatever (encryption won't stop that part unless you go for a VPN), but not my passwords as that's over encrypted connections.
The focus is now also on the free WiFi access points, but how about the other two dozen or so connecting points between me and the Slashdot server just to post this rambling? Are they secure? Can I even know whether they are secure, I mean, hello NSA!