"Would you happily login to your account from the WiFi at Starbucks, or from the public machine at the local library? Yes? Then the hypothetical attacker already has your password."
This isn't true if the website uses https (since we're talking about sniffing, not man-in-the-middle).
Ecrypted wireless connections also help. I'm always very cautious about the kind of wireless link I'm using.
You have to be conscious on the internet, that's the moral here. I have stopped using websites that sent me my password in plain text, unless I just don't care about the account. If the developers aren't savvy enough to know how to protect their users, I lose confidence in them.
Especially if (it turns out) the wifi SSID to which you are connecting does not actually belong to the starbucks (or some indie coffee shop offering wifi) but some black hat in an office in the building with the starbucks.
This isn't true if the website uses https (since we're talking about sniffing, not man-in-the-middle).