If I understand it right, using a free fifi connection at some "Internet Cafe" can expose my data to the owner of the cafe...

I think (but don't know for sure) that by carefully using trusted https: websites, the data transfered to/from the website is protected by the encryption even from the owner/operator of the wifi connection?

I'm less certain of what happens if I use a mail client like alpine to connect to an IMAP account via a TLS connection. would the owner/operator of the wifi connection be able to read the email, (body, header, or even just the so called envelope)???

Yes (more or less).
Once you are connected to a public wifi network (including with encryption like wpa2) everyone else that is connected to the same network can see your plain text traffic (as on a LAN also), unless there are measures to separate traffic to individual nodes. This is where end to end encryption becomes important, so that the 'plain text' data is not visible to anyone between you and the server you are talking to. SSL web connections are (currently) reasonably secure in most situations.
It is worth considering though, other network traffic that is not encrypted, like DNS lookups for instance, there is opportunity to read (or spoof) DNS data.
Utilising VPN's or SSH tunnels to provide a secure encrypted connection to a trused server and sending all traffic via that, is a way to further reduce risk.
No. That is the whole point of Transport Layer Security, the entire connection is encrypted.

1 members found this post helpful.

Assume that wireless, by itself, is insecure .. even if the access-point you are connecting to uses WPA2 or something else.

For that matter, assume that an ethernet cable is insecure, too, because that traffic can rather easily be "tapped," too.

Use tunneling technologies such as VPN to encrypt the traffic. Then, it doesn't matter who "taps the wires" nor by what means they do it: the traffic itself is unintelligible.

1 members found this post helpful.

Moved: This thread is more suitable in <Linux - Wireless Networking> and has been moved accordingly to help your thread/question get the exposure it deserves.

(wpa2 on a public wifi??) OK about that, and the LAN...
Since I can be sure that nobody else on my LAN at home even knows the difference between encrypted and non-encrypted data... {win xp user who needs my help to fix desktop icons that launch firefox at a bookmarked site if the bookmark goes stale (for example)} And since my laptop (to which nobody else has access) is only device on which I ever installed my wpa2-psk key. So I'm not too worried about that on my local LAN. It's when if I bring my laptop elsewhere...

Spoofing is why I like that my bank does two stage authentication with a private personal image that they display at the 2nd stage login prompt...

Don't suppose there are any truly trustworthy free VPN providers out there?

Good! That is what I thought it was supposed to mean... But I wasn't sure that the so called envelope was also protected.

Thanks...