The problem with WiFi is that many high-speed internet providers give away a wired / wireless router with their DSL or cable modem, and by default security is turned off. SBC Yahoo! seems to ship their 2Wire routers with WEP on, but others do not. Many manufacturers have added features to make setting up encryption easier, since it seems to be difficult for the average user.
I recently surveyed our neighborhood patrol area to do a presentation on WiFi security, and within about an eight square mile area I found 855 access points, with almost half unsecured. Most of the remainder had WEP enabled, and a few were using WPA or some of the other shared-key encryption schemes. Most had SSID broadcast enabled -- less than 1% were what I would call very secure.
As for SSID broadcast, while NetStumbler won't see them, there are other tools that will snag the SSID if you monitor long enough, and even work out the MAC addresses of all devices attached to the network. If they are using WEP and have a considerable amount of network traffic, you can even eventually get the WEP key -- it may take a hours to days though.