Except that I'm pretty damn certain that 99% of unsecured networks are that way because that's the default configuration of the router and the person who set it up didn't know any better. That's even more likely if they're using the router's default SSID.
I really put that at the feet of the router/WAP manufacturer and not the end user. For example, I know that the Motorola routers that I've used (recently) came out of the box with a randomly generated SSID, configured with WPA2 enabled by default, with a randomly generated password (on a label on the bottom of the router, and in the docs). There's no reason that every vendor shouldn't be required to do this. Shipping the device without any kind of default security (or WEP enabled, which is pretty much the same thing) and a generic SSID is tantamount to negligence in my book.