Hi Stephen,
Although I am not an expert on security, what determines whether or not services are being sent as HTTP vs HTTP's is dependent upon the configuration of the server that is hosting the services being used in your web maps, and not necessarily just the network itself.
For example if you're working with ArcGIS Server, and have configured it to use HTTPs Only, then all of your services would have been added to the web map using HTTPs and will use the level of encryption that is currently configured on the server itself, such as TLS 1.2, 1.1, etc.
This is similar for Portal or ArcGIS Online, as they have their own way to configure security settings as well.
Public Wi-Fi networks are typically open to more security vulnerabilities, as more people have access to them and can use them maliciously. Therefore I wouldn't recommend using public Wi-Fi networks to share sensitive data, even if you're using HTTPs. If you have the option to use VPN, I would recommend to go that route, as you can control who accesses those services.
Here are some helpful links for security best practices for ArcGIS Enterprise and ArcGIS Online:
- Server - https://enterprise.arcgis.com/en/server/latest/administer/windows/best-practices-for-configuring-a-s...
- Portal - https://enterprise.arcgis.com/en/portal/latest/administer/windows/security-best-practices.htm
- ArcGIS Online - https://doc.arcgis.com/en/arcgis-online/administer/configure-security.htm
Are you working with ArcGIS Online, ArcGIS Enterprise, or ArcGIS Server?
Thank you
-Kevin