OP, Paul has pretty much answered the question(s) you asked in your reply.
When I say "sniffing around the internet", I mean that a hacker could access the wi-fi
portal same as you and use devious software to see what computers/phones/tablets
connected to that portal are doing. If the connections are not secure (which they
usually are not on a public wi-fi network), they can potentially decipher any traffic
that is going on.
So using a public wi-fi portal to check the scores of the game or connect to Google
Maps is not a problem, but doing anything that should be secure like accessing
any personal accounts should not be done without an added level of security,
such as VPN, 2FA, etc.
On trips, some people try to survive without a data plan and just use wi-fi in the
hotel or a museum, etc. That works fine as long as all you want to do is avoid
getting lost or see when the next train departs. But without a secure internet
connection, you're taking a big risk accessing personal accounts, which might
be an issue on a trip if, for instance, you need to attend to some personal matters
(pay a bill online, etc), or an emergency arises.
Having strong passwords is an excellent practice and you should not stop doing that,
but the main reason for that is so that a hacker cannot guess your password if they
know your login or email address. Many people use easy-to-guess passwords like
"1234" or their birthdate. That is where strong passwords will protect your accounts.
Finally, since the other end (the bank, Amazon, etc) know your login/password credentials,
if the bank security gets breached and the hackers get your info that way, there's
really nothing you could have done to prevent that.