Except that I'm pretty damn certain that 99% of unsecured networks are that way because that's the default configuration of the router and the person who set it up didn't know any better. That's even more likely if they're using the router's default SSID.
These people didn't deliberately configure their router to let anyone connect. The problem is that these people didn't really configure their router at all.
Fair enough point and I'll also concede that the owners of the routers generally aren't given enough information by the router manufacturer to make an informed decision as to how to configure their router as well as having insecure defaults.
Fortunately, ISPs, at least with the wireless devices they provide, have for the most part moved toward installation with secure defaults, which unambiguously declare the intent, at least of those ISPs, that the Wifi is not available to public use, forcing the customer to take affirmative steps to make it available to the public, declaring his intention. With customer supplied routers, it sucks that the out of box defaults on those may or may not be secure, so the owner's intent is ambiguous. I think any wifi access point/wifi router sold in the US should be required to default to a secure setup.
I'm working from the point of view of one overriding truth: In a WiFi environment, where the signal can pass through walls, propagate in any direction, be repeated, and requires specialized equipment to determine the source, the only effective way to determine the identity of the signal's source and that identity's intent is by examining the signal itself. That signal provides us with a network name and what type of security it has -- in my opinion a one to one mapping to source identity and that identity's intent.
I don't know which structure, if there even is one associated with a particular hotspot, that I should be looking for a sign on.