Here's one of many possible vulnerabilities you might find by using a Wi-Fi analyzer to look for cleartext credentials sent by your Wi-Fi smartphone:
Android phones vulnerable to Google ClientLogin AuthToken attack
In this case, University of Ulm (UULM) researchers observed that smartphones running Android 2.3.3 or earlier used an OS-supplied ClientLogin API to auto-sync Google contacts and calendars, causing an authentication token to be returned over HTTP rather than HTTPS. When that's done over an unencrypted network (like an open Wi-Fi hotspot), the cleartext AuthToken is easily intercepted and can be used to impersonate the smartphone's user. Conceptually, this is similar to the browser side-jacking vulnerability exploited by Firesheep last year.
What can we learn from this vulnerability? Not that sending cleartext credentials over a Wi-Fi hotspot is risky - surely everyone knows that by now. Rather, the lesson here is that your smartphone may be sending cleartext credentials automatically, synchronizing many accounts on your behalf, when you don't realize it. Even phones that use a VPN to protect corporate traffic may be synchronizing personal contacts and calendars outside of that tunnel (when split tunneling is used or the VPN is disconnected).
I highly recommend using a Wi-Fi analyzer to watch what your smartphone sends automatically upon connecting to any open Wi-Fi network. If you don't like what you see, inspect your phone's application and OS settings to disable auto-sync before connecting to any unencrypted network. (On Android, see Settings -> Accounts & Sync -> Auto-sync and Background data.) Or use a VPN client that runs full-time, without split tunneling. And always retest after making changes to verify they had the desired effect.
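To make that "watch what your phone sends, then retest" step repeatable, here is an added example (not from the original post) that scans captured HTTP requests for credentials sent in the clear. The flows, hosts and token values are constructed for illustration; the "Authorization: GoogleLogin auth=<token>" header is the form the ClientLogin API used for its AuthToken.

```python
# Constructed sample of what a Wi-Fi analyzer shows right after a phone joins an
# open hotspot: (destination host, port, raw request bytes). Tokens are made up.
CAPTURED_FLOWS = [
    ("www.google.com", 80,
     b"GET /m8/feeds/contacts/default/full HTTP/1.1\r\nHost: www.google.com\r\n"
     b"Authorization: GoogleLogin auth=DQAAAMADEMO_TOKEN_1234\r\n\r\n"),
    ("www.google.com", 443, b"\x17\x03\x01\x00\x20<TLS application data>"),
    ("weather.example", 80, b"GET /forecast?city=Boston HTTP/1.1\r\nHost: weather.example\r\n\r\n"),
    ("photos.example", 80, b"GET /data/feed?auth=DEMO_TOKEN_5678 HTTP/1.1\r\nHost: photos.example\r\n\r\n"),
]

# Header names and query parameters that carry a session credential. The
# "Authorization: GoogleLogin auth=<token>" header is the ClientLogin AuthToken form.
CREDENTIAL_HEADERS = ("authorization", "cookie")
CREDENTIAL_PARAMS = ("auth", "authtoken", "token", "password")

def parse_http_request(raw):
    """Return (path, {header: value}) for an HTTP/1.x request, or None if it is not one."""
    try:
        head = raw.decode("ascii").partition("\r\n\r\n")[0]
    except UnicodeDecodeError:
        return None
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[1], headers

def find_cleartext_credentials(flows):
    """List (host, where, path) for every plaintext request carrying a credential."""
    findings = []
    for host, port, raw in flows:
        # TLS payloads are opaque to the analyzer (and to an eavesdropper), so skip them.
        parsed = None if port == 443 else parse_http_request(raw)
        if parsed is None:
            continue
        path, headers = parsed
        for name in CREDENTIAL_HEADERS:
            if name in headers:
                findings.append((host, "header " + name, path))
        for param in path.partition("?")[2].split("&"):
            key = param.partition("=")[0].lower()
            if key in CREDENTIAL_PARAMS:
                findings.append((host, "query parameter " + key, path))
    return findings
```

Run it against a fresh capture after disabling auto-sync or enabling a full-tunnel VPN; an empty result is the "desired effect" the retest should confirm.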
As for the UULM-identified vulnerability, Android users may want to check their OS version (see Settings -> About Phone). Android 2.3.4 fixed this particular vulnerability by syncing contacts/calendars over HTTPS, but other apps may still be vulnerable (e.g., Picasa). Unfortunately, smartphone users depend upon cellular providers for OS updates, so those still running older Android versions simply have to be patient. But remember - this isn't really about plugging one hole - it's about knowing and protecting what your smartphone is sending automatically on your behalf.