I don't know that custom ROMs will make a difference as much as running the original Google apps that have this issue. They've shown off their ability to update their own apps without any intervention from the user (e.g. when the new Market was pushed).

I'm not losing sleep over getting it or not as I don't use public wi-fi networks.

 

I'm not finding where I saw this information (probably slashdot), but I read somewhere that the root of the problem is apps like GMail using HTTP (as opposed to HTTPS). Anything sent unencrypted over an open wi-fi network has the same security as printing it on the front page of a newspaper. Basically it sounds like people are sniffing packets on open wi-fi and getting tokens which allow them to emulate your login. Same thing as the firesheep Facebook exploit a few months ago.

I'm obviously no Google engineer. Pure speculation -- if they can force-update their own apps (like they did with Market) I would think they can push updates to all the apps to force encryption.