~ Some sites I log into will show the lock icon in Internet Explorer as ~ soon as the site comes up. Others show the lock icon only after ~ logging in. ~ ~ Is it safe to assume that on a public hotspot such as in a hotel that ~ my user name and password is unavailable to a snooper if the lock icon ~ is visible prior to logging in? ~ ~ I assume that such information sent to log on is available whenever ~ the lock icon does not show.
Your assumptions are correct.
I.e. IE shows a lock icon iff the URL protocol for the loaded page is HTTPS. HTTPS communications are encrypted. So, if I am looking at a web form that has a URL starting in https:// and if there is a little yellow lock icon on the status line at the bottom of the window, then I know that I can type in my username/password into the form and send it over the Internet, and they will be encrypted.
If the URL starts in http:// (no lock icon), then if I fill in my credentials into the form and transmit the page, then they will go out into the Internet unencrypted.
IMO, when you're using a public hotspot, it's best always to use a VPN tunnel back to a known good endpoint. I use a service provided by my employer; you can set up your own VPN server in your home or office, or can use a VPN service provider.
Aaron