Originally Posted By: Arney

For example, at work, our ability to log in will lock out for 12 hours after three unsuccessful login attempts.

So what? The attacker need not attempt a login until they have derived a good password, if they can sniff enough traffic.

Security is a tough problem, and hardened sites are expensive to deploy, even more expensive to maintain, and require big restrictions on usability. In the real world you have to size the solution to match the threats and consequences.

For myself and clients the threshold is preventing drive-by (literally) downloads of kiddie porn. So it's WPA with a very strong PSK (63 characters, each from an RNG). That's not as good or as easy as certificates but it's a fair trade-off that works in our cases.
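Added example, not code from the post above: what "63 characters, each from an RNG" looks like in practice, plus the computation that turns a WPA/WPA2-Personal passphrase into the 256-bit PMK (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, as specified in IEEE 802.11). That PBKDF2 step is exactly what an attacker who has sniffed a 4-way handshake runs offline per guess, which is the point made above about lockouts not helping; the only defence is a passphrase that cannot be guessed. The function names, the choice to exclude the space character from the default alphabet, and the 256-bit cap are this example's own assumptions; the passphrase rules (8 to 63 ASCII characters, codes 32 to 126) and the "password"/"IEEE" test vector are from the 802.11 standard.

```python
import hashlib
import math
import secrets

# IEEE 802.11 passphrase rules for PSK-from-passphrase: 8..63 ASCII
# characters with codes 32..126 inclusive (space through tilde).
MIN_LEN, MAX_LEN = 8, 63
SPEC_ALPHABET = "".join(chr(c) for c in range(32, 127))   # 95 characters

# Assumption of this example: leave out the space (code 32) by default so the
# result never needs quoting in router UIs or wpa_supplicant.conf; the
# validator below still accepts it because the standard allows it.
DEFAULT_ALPHABET = SPEC_ALPHABET[1:]                       # 94 characters

# PBKDF2 parameters fixed by the standard for WPA/WPA2-Personal.
PBKDF2_HASH = "sha1"
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32                                               # 256-bit PMK


def validate_passphrase(passphrase: str) -> str:
    """Return the passphrase unchanged, or raise if 802.11 would reject it."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError(f"passphrase length {len(passphrase)} not in {MIN_LEN}..{MAX_LEN}")
    bad = sorted({ch for ch in passphrase if not 32 <= ord(ch) <= 126})
    if bad:
        raise ValueError(f"non-printable or non-ASCII characters in passphrase: {bad!r}")
    return passphrase


def generate_psk_passphrase(length: int = MAX_LEN, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Draw every character independently from the OS CSPRNG (secrets module)."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}..{MAX_LEN}, got {length}")
    if any(not 32 <= ord(ch) <= 126 for ch in alphabet):
        raise ValueError("alphabet contains characters 802.11 does not allow")
    return validate_passphrase("".join(secrets.choice(alphabet) for _ in range(length)))


def passphrase_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random passphrase: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def effective_entropy_bits(length: int, alphabet_size: int) -> float:
    """The PMK is 256 bits, so an offline guesser never faces more than that (assumption:
    treat the 256-bit PMK as the cap on useful passphrase entropy)."""
    return min(passphrase_entropy_bits(length, alphabet_size), 8 * PMK_LEN)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).

    This is the per-guess cost for an attacker working offline from a captured
    4-way handshake; no login attempt against the network is needed.
    """
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac(PBKDF2_HASH, passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


if __name__ == "__main__":
    # Known-answer check from IEEE 802.11 Annex test vectors (same value
    # wpa_passphrase prints for this SSID/passphrase pair).
    print(derive_pmk("password", "IEEE").hex())
    psk = generate_psk_passphrase()
    print(psk)
    print(f"{passphrase_entropy_bits(len(psk), len(DEFAULT_ALPHABET)):.1f} bits drawn, "
          f"{effective_entropy_bits(len(psk), len(DEFAULT_ALPHABET)):.0f} bits effective")
```

Two checks worth keeping: the "password"/"IEEE" vector confirms the derivation matches what hostapd's `wpa_passphrase IEEE password` prints, and the entropy figures show why 63 characters is more than enough (63 characters from a 94-character set is about 413 bits of choice, far beyond the 256-bit PMK that bounds an offline attacker anyway). A short passphrase with the same lockout policy in front of it gains nothing, because the lockout never sees the attacker's guesses.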