how is this news? there is no security on the current WiFi offered to the public on trains (paid for service) -or in coffee shops...any network where you just join an SSID and then either get internet or have to log into some captive portal is insecure - its an 'Open' wireless network in which anyone else can sniff/snoop on your internet traffic....the only security you can rely on is VPN or TLS-secured systems - certainly dont do plain auth methods (POP3/IMAP) or visit http: sites with forms on them! in fact, avoid http: systems as anyone can grab your cookies too! :/
the solution? passpoint2.0 systems - 802.1X authentication, per user secure local transit (in educational world this roaming is available in the form of eduroam - in government circles, countries are looking at govroam).