Unprotected Wifi networks, particularly in public places, are most certainly a threat. This is because you are connecting to a network without knowing who else could be on the network.
Well you are sending everything over untrusted channel. All communication protocols you use on the internet which do not provide an SSL interface (or similar) which also checks for validity (attackers love to perform MITM on free wireless hot spots) can therefore be sniffed and captured. So the minimum what they would be able to see is what websites you are visiting at which periods in time.
If you are using an unencrypted protocol like plain HTTP, POP3 or IMAP, then yes they will be able to obtain your credentials. While this issue isn't restricted to open WiFi access and can be done on any network, it becomes a lot easier for other people to monitor the wireless network.
Refer my Blog for more information:
http://community.technobind.com/889/risk-associated-with-using-public-wi-fi
