Oh no... telling everyone the WPA2 password is 'free' is not a nice idea. Now everyone knows it. And it's a bad idea anyway. Providing free wireless WPA2 protected connection is not the key (Wireshark can sniff WPA2 traffic - mind you). The websites must properly secure the connections and always turn on encryption to be safe. Free WPA2 wireless access points is like a temporary band aid to stop a bullet wound. You need a permanent fix... which is every site use well implemented secure protocols.
P.S. I wonder what is Sophos people thinking. Do they know what they are talking ?