Paranoia justified?
As someone has noted, the amount of traffic snorted would be inadequate to break WEP or WPA passwords, and it would be unwise of Google to acquire or use that information. However it would be enough to gather the MAC addresses of any devices using the WiFi networks, as opposed to just identifying the WiFi access point by SSID or MAC address.
This makes much more sense: having identified a laptop or handheld's MAC address in one site, Google can then recognise it if it crops up elsewhere. This will be particularly valuable in the IPv6 world, as in one mode of deployment, the IPv6 address of a device is directly related to its MAC address. It can also be useful in some other circumstances, e.g. when using a public WiFi hotspot if Google has made arrangements with the network owner to acquire this information (or is the owner of the network).
In other words, I think that Google is laying the ground work to use MAC address as a supercookie, associated with your home address, whether or not you are registered with Google as a user.