A public wifi can require a password for authentication, but still be insecure if not properly configured, have its own weak management console password, use a weak security protocol, direct access by unauthorized personnel, is hacked by a determined attacker, etc.
There is even rogue public wifi setup to appear as legitimate public wifi.
How likely is any of it ? The risk probably isn't extremely high for the typical user, but common sense and good judgment are a good place to start...
Trust no public wifi - ever - even one that requires authentication.
There is nothing special what I am saying here; it is general advice widely available online.
Best practice:
- Don't do personally\financially sensitive stuff while connected to public wifi
- If you must then use a VPN - don't be cheap and just opt for freeware; invest in top quality VPN service like Mullvad or IVPN if you must do a lot of sensitive stuff online using public wifi
NOTE: A big hindrance to using a VPN for online banking is that a lot of banks will not permit you to do online banking using a VPN; they might disable your online banking because they use your IP address to track you as a security measure. You have to sort out what is acceptable to the bank.