If the use case is as described (connecting to WiFi APs owned and controlled by the network in deadspots / hotspots - e.g. stadiums and large buildings - and not end-user APs in homes), it's not clear to me that this poses any significant threat above and beyond connecting to the same operator's cell towers. If you don't trust them to run a WiFi network, probably shouldn't trust their cell network either.
Having phones automatically and uncontrollably route via random 3rd party APs is a bad decision, but I didn't read GP as advocating for this.
The knowledge and equipment to hack WiFi-related systems is a lot easier to obtain on most of the world than the cellular equivalent.
In the US, at least, tampering with cell service risks getting the FCC involved, so very few people do it compared to WiFi hacking.
I'm very curious, for example, if the devices that connect to these APs are vulnerable to the WiFi client isolation bypass that was disclosed about a week ago.[1] That seems a lot scarier when there are potentially thousands of random people's personal phones connecting to the same WiFi infrastructure instead of a bunch of more or less trusted corporate devices in an office.
WiFi APs are not secure enough unless you're using another layer of security on top (a VPN, for instance). It's not a matter of trusting them to properly run a WiFi network. It's a question of if there's an additional layer of security on top. Is there?
Having phones automatically and uncontrollably route via random 3rd party APs is a bad decision, but I didn't read GP as advocating for this.