You're right, most compromised accounts are user error.

However "a man in the middle attack" doesn't require that you visit a specific website or type your password into the wrong page, it can be done by simply being on the same wifi network.

There was a patch with iOS 4.3 for a security hold for a specific attack in 4.2. That specific attack is fairly complex which reduces your chance of it happening some but it's still possible & could compromise anything from your email to bank account.

I want to note one thing about this - if you have a smartphone there can be security issues to this approach. Have an iPhone 3g? Updates stopped at iOS 4.2 and no longer getting updates from apple. This means it's susceptible to a man in the middle attack and possibly other security vulnerabilities people find as time goes on.

If you're browsing the web or doing banking from your phone this is just something to be aware of. The cell I had prior to the iphone I had for ~7 yrs. :)

@hbaumann

unless it is a serious security update, this is rare. It is usually user error of visiting website they shouldn't. It is the user's responsibility to ensure they are visiting the correct website/using correct resources. The manufacturer can only do so much. In the case of the smartphone, you buy the best you can afford and wear it out as long as possible as Ramit suggests.

haha omg that is suuuuch an indian thing to do. I'm so proud!