he can easily get your mac address, and even pretend to be the server you are accessing: e.g. he can pretend he is tdameritrade , if that's where you login a lot for your stock, all he need is run a software and get your password to your bank or stock ... he only need to succeed once, think about it...
don't take chance if you are using network handling your money etc.