Actually you shouldn't use a smart phone (especially Android-powered) on any open wifi network, Starbucks' or otherwise.
We wanted to know if it is really possible to launch an impersonation attack against Google services and started our own analysis. The short answer is: Yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs.
Essentially Android transmits "authentication tokens" that are grossly under-encrypted when using http servers. What this means in English is that on unsecured networks like those at Starbucks, smart-phone data is a sitting duck for hackers.
The solution to this problem is to download updates from Google. Those updates, however, come infrequently and are not usually automatic, so an Android smart-phone user has to be up on their shit in order to keep their phone safe.
Additionally, people with any Internet-accessing device should only access e-mail and other sensitive info on secure https servers, not http.
That or just skip hack-magnet hellholes like Starbucks altogether.