In order for this to happen, you have to be spoofed into using a public hotspot that's made by the hacker's. Kind of like a hotspot that is pretending it is Starbuck's but its not actually.
If you think about it, the chances of this happening is small. Not unless you want to connect to any public hotspot in the street or in the mall. Or like your phone's wifi is set always on On all the time and you get entries for "linksys" and "netgear" which will link to any "linksys" or "netgear" that is open and has no authorized password.
Why it does not happen --- but you need to be very prudent just in case:
1. You need to manually accept a wifi connection
2. Most public wifi hotspots are passworded themselves. In other words, they are more scared of people like you,.
3. You need to go around with your phone's wifi set on on. But most Android users are consciously trying to save battery as much as they can, it's set off.
4. This won't happen if your phone is always set only for EDGE, 3G, H, or 4G for internet connection.
Anyway, its always a prudent idea to be careful of sharing not just your phone, but even your laptop on a public wifi area. If you are in a public wifi, you can also close background updates and auto-sync, so only your foreground app is allowed to transmit.