Your being tinfoil hat enough. You never know what sort of crap people are doing. One of my guilty pleasures is to run driftnet and dsniff in the background (/dev/null'd of course) and just see what goes by.
Regular web surfing is'nt a big issue if it's for sports scores and news, unless you start going to sites requiring authentication. I'd tunnel everything I could that needed authentication (email, secure sites, etc) through the tunnel home. The performance hit is well worth the safety. Though you might want to consider some level of security that it's actually *your* box your connecting to and not a man-in-the-middle (airsnarf)
There's not really much you can do in terms of 3rd party security other than a VPN since a public hotspot by definition needs to be open.
My road connecting setup is: Firewalled laptop, ssh tunnel to home system with S/KEY one time passwords, do everything on remote workstation using VNC tunneled over SSH. The only traffic is in the SSH tunnel
