Nor do I (no offense intended benjammin!)

There is a concept of "reasonably secure". For example, it is possible that I could be attacked by a shark here in Colorado. We could have a "Shardnado". But am I going to stay inside for the rest of my life because I'm worried about the possibility?

If you are using good encryption, there really isn't much to worry about. Yes, the NSA could probably hack you if they specifically targeted you and went to great expense and effort to do so. But you're more likely to run into a thief who would crack you over the head with a baseball bat and just take your silly computer from you, along with all the data it contains.

Personally, when using a WiFi hotspot (which is very rare for me), I VPN into my home network and then bounce out onto the internet-at-large from there. But setting up a VPN on your home router or other server is not for a computer lightweight or newbie.

Just about as secure, and an order of magnitude easier, is setting up an "SSH tunnel". Of course, that implies you know how to set up an SSH server on your home network. Again, not really for a computer lightweight.

My advice? If you wouldn't scream out everything you are typing to a crowd, don't send it over a WiFi connected web browser unless you are 100% sure you are connected using HTTPS (a little lock icon appears on most/all web browsers to indicate this type of connection). And even then, I wouldn't do something sensitive like banking or your online taxes over a public WiFi connection, even if HTTPS. Is it really that critical that you access your bank from Starbucks that it can't wait until you get home?

As far as trusting encryption provided by web file hosting or cloud services, I would never trust that. Of course they will tell you that they are ultimately secure. I'm sure that's what "Ashley Madison" told their customers too! I would only encrypt files locally, then send them up. if the hosting service wants to re-encrypt them, that's all well and good, but the salient point is that I controlled my own encryption and didn't rely on them. Note that doing things the way I recommend means that you cannot easily "share" your stuff between devices using the cloud. Each device would have to be set up to do it's own decryption (YOUR decryption, not the cloud hosting company's decryption). The solution to this is to set up your own personal cloud, controlling that with your own encryption. But we're back to "not for the computer lightweight" again, with that suggestion.