@Aaron et al -- spoofing hotspots
Having relatively recently implemented a web-capture-portal-type authenticating wireless gateway, I gave this a lot of thought... and came to the conclusion that, unless you know in advance what to expect as the host part of the URL when you get redirected to the login page, there's simply no way around this. It's not a new problem, but it's made worse by the sudden proliferation of BT hotspots, as people will expect to see them everywhere rather than in stations and airports.
Bad man carries pocket computer while walking through a town. Pocket computer advertises "BT OpenZone" (or whatever it is) as SSID, and redirects browser traffic to a domain for which he serves a valid SSL certificate. He presents a copy of the BT login page and collects the credentials. The SSL certificate is optional, as most users wouldn't think to check for an encrypted connection before logging in.
ISTR that there's existing malware that does this, advertising something like a "Free Wireless" SSID from its host.
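An added example, not part of the original comment: a minimal sketch of the only check the comment leaves open, comparing the host of the login-page redirect with a name known in advance, since a valid certificate for the attacker's own domain proves nothing. The hostname and the function name `check_portal_redirect` are constructed placeholders; the page does not give the real portal host.

```python
from urllib.parse import urlsplit

# Constructed placeholder: the page does not name the real portal host.
EXPECTED_PORTAL_HOSTS = {"login.hotspot-operator.example"}


def check_portal_redirect(location, expected_hosts=EXPECTED_PORTAL_HOSTS):
    """Return (ok, reason) for the URL a hotspot redirects the browser to."""
    try:
        parts = urlsplit(location)
        host = parts.hostname  # lower-cased, userinfo and port stripped
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, "login page is not served over HTTPS"
    if parts.username is not None or parts.password is not None:
        # https://expected-name@other-host/ shows the expected name first
        return False, "URL carries userinfo that can disguise the real host"
    if not host:
        return False, "no host in URL"
    host = host.rstrip(".")  # treat the fully qualified form as the same name
    try:
        # Normalise to the ASCII form so look-alike Unicode letters
        # become a visibly different xn-- name instead of matching.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False, "host is not a valid DNS name"
    # Exact match only: a suffix or substring test would accept
    # login.hotspot-operator.example.attacker-domain.example
    if host not in expected_hosts:
        return False, f"unexpected host {host!r}"
    return True, "host matches the name known in advance"


if __name__ == "__main__":
    # Constructed sample redirects
    for url in (
        "https://login.hotspot-operator.example/session?id=1",
        "http://login.hotspot-operator.example/",
        "https://login.hotspot-operator.example.attacker-domain.example/",
        "https://login.hotspot-operator.example@198.51.100.7/",
    ):
        print(url, "->", check_portal_redirect(url))
```
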