A friend of mine didn't think I could do much more than surf from his unsecured WAP, so he let me prove him wrong.
Details are on my site here:
http://mcwresearch.com/default.asp?id=6&ACT=5&content=29&mnu=6
I have some other nit-noid papers there regarding implications of unsecured WAPs, etc. A friend and I have stumbled 1200 in the northern VA, DC-Metro area and documented locations, etc. There are maps on the site as well.
Its interesting to see how prolific the technology is and how many are installed with factory defaults!