There are many unencrypted networks around: hotels, cafes, hotspots at airports and train stations, inside trains and planes and even cities start to provide their own wireless networks. And I expect less than 10% of the regular users to use VPNs or to keep track of only using HTTPS (or secure connections on other protocols).
Also keep in mind a lot of people have their phones/laptops set to join any available wireless networks without asking them, making a spoofing attack a lot more easier.
