"Second the operator of the WAP can re-direct you to any sites he wants, even ones that appear to be what you wanted but aren't."
At that point OpenSSH will complain that the server key doesn't match the one it has cached and I'll know I've been redirected so won't open a tunnel. ;~)
Sorry, automatic geek response. You raise a good point.
To be honest the times I've used open points I have done so to access El Reg and other sites which I won't log onto through that access point (I clear session data on exit etc. blah, blah...). While I am aware that there is some risk involved, the fact I know it's a risk allows me to take a lot of care.