> Btw, can an adversary on such a lan typically spoof source IPs and eavesdrop on packets between other nodes?
Yes, or no. It's possible, and with the right lan equipment trivially easy to prevent this, however you can't tell from the outside if the network is set up this way or not so you have to assume it isn't.
Thanks for the info. I remember that 10-15y ago there were these snoopers you could install (perhaps a Firefox extension - I remember it was very easy) to steal session cookies from Facebook users in the same public WiFi’s. After that SSL by default – previously deemed “too expensive” for Facebook – was deployed rapidly, never to be mentioned again. So it sounds like WiFi too has improved then.
Yes, or no. It's possible, and with the right lan equipment trivially easy to prevent this, however you can't tell from the outside if the network is set up this way or not so you have to assume it isn't.