Depends on whether it is encrypted. If encryption is turned on, then you are somewhat safe from eavesdropping. If not, then everyone can see everything except HTTPS, VPN, etc. In short, only use wifi where you type a password to access it.
The other parts of your advice are fine, but I wouldn't waste a lot of time on "long and complicated" passwords. There is a problem with cracking short passwords from stolen hashes. But if your provider has hashes stolen then everything else can be stolen as well, so your long and complicated password is safe but your SSN in their database is not so you lose.
Password-protect the files you upload. And pick strong passwords. ALWAYS.
Well if the encryption is weak, then a strong password won't matter. If the encryption is strong then a strong password is no better than a "weak" password beyond a dictionary word. A short made-up word will be adequate.
Browsing other people’s computers on a public wifi is more difficult now. Most infections are self-inflicted. I once honey-potted a share on our network and it got ransomed so these things can crawl across networks.