This poorly written article with a misleading headline says pretty much nothing about why "insecure hotel WiFi networks" might be dangerous. The only danger mentioned was that a hacker wired (without using WiFi!!) into the hotel's network and then hacked into the hotel's corporate system from one of the rooms (and then was able to access credit card info from the hotel's system). What does that have to do with the WiFi used by guests?? This would have happened even if the hotel didn't offer WiFi at all.
These scary, substance-free articles do nothing but continue to spread fear and misinformation about highly exaggerated dangers of using public WiFi.
As I have said repeatedly on threads on this topic, most websites today use SSL (https) encryption for all web transactions - even the Rick Steves forum does. That means, even over an insecure WiFi network, all traffic between you and another website is encrypted. Someone snooping on your web traffic over one of these public WiFi networks will see nothing but gibberish. This wasn't true 15 years ago; if you were using WiFi on an open network with your laptop, a hacker could have snooped easily to view most of what you are viewing (except passwords and credit card numbers). Not anymore.
The one thing an open WiFi network might expose would be the websites you actually visit. If you visit your bank's website, someone snooping might tell that you VISITED it - but not know your name or any identifying information. A VPN would mask that kind of information at least - from someone on the hotel's network or a local hacker. It wouldn't stop someone who has hacked into the VPN provider's network from snooping on you, though.
But, people caution: how do you know someone can't hack into the encrypted SSL connections? Sure, that's possible - but so is hacking into your VPN. ANYTHING is "hackable" nowadays, no matter how secure you think you are, even at home. Google for "zero day exploit" if you want to learn about how/why everything is hackable.
There are much bigger dangers to worry about online these days than open WiFi networks. Malware, phishing schemes, ransomware are all much bigger risks.