That's the point. It's empirical (albeit, not scientific) evidence that even when presented with the risks, users will still choose to do things that are dangerous.
dan·ger·ous
[deyn-jer-uhs, deynj-ruhs]
–adjective
1. full of danger or risk; causing danger; perilous; risky; hazardous; unsafe.
2. able or likely to cause physical injury
Who's out of touch here? We're all making such a huge deal about this with very little reason. The websites that truly need SSL (banking, purchasing, etc.) use it. People have real dangers to worry about; why should they care if someone can pretend to be them on a couple social websites that they just joined in the last year or two?
Why would you expect most people to do otherwise? I fully know the risks of using open hotspots on many websites and I do it anyway because the convenience outweighs the risks for me. Obviously I'd think twice about logging into my bank over a non-secure connection (though I'd be mad to bank with a company that doesn't secure all connections by default, of course), but open-wifi Facebook? Sure, why not?
This behavior extends beyond Internet usage. I (and probably most of you reading this) hand my credit/debit cards over to waiters several times per month knowing full well they could jot down enough information while out of my sight to make illegal charges on that card (if not do far worse via more elaborate identity theft schemes). Risky? Yes, but the extreme convenience outweighs the potential pain due to the low chance of actually being one of the people that gets exploited in this way, and thus it is with open hotspots and most Internet sites.
My credit card has legally builtin insurance against fraudulent use - I'm not liable for a penny of that use if it was used illegally - unless the card itself was stolen and I failed to report it - in which case i'm liable for up to $50. (As soon as I report it stolen, I'm not liable for anything)
I use a credit card because it's safer and offers me options - someone snarfing the number would be a nuisance, because I'd need a new card, but that's it.
Let's please not forget (Sight.. I know - everyone already has) that charge-cards were pushed onto the market as a safe, convenient alternative to using cash - not a walking liability - don't let the issuers turn them into one on us.
As to the analogy - it's quite different. I'm very security conscious, and I generally don't do certain types of activity on uncontrolled or unknown networks (banking - home or somewhere else safe - but facebook at starbucks, okay)
IT's not just a problem with open hotspots, it's with any network you are on, anywhere - an open hotspot is just the easiest place for someone to try this on. An employee at an ISP could snarf data from millions of users easily...
In the UK, waiters bring over a portable card reader to your table, you stick your card in and enter your pin. No need to physically hand over your card to them.
It certainly doesn't help that there is no solution to the problem of viewing Facebook on a public wifi. If there is no SSL solution, what solution can these users take?
Seems like the ones who read the message must have made a quick cost-benefit analysis in their head of viewing facebook insecurely right now versus not accessing facebook at all - and viewing it right this minute no matter how insecure still won!