As far as I am aware, the connections to Facebook & e-mail are encrypted, so man-in-the-middle attacks shouldn't be possible. Installing rogue apps could unravel that, as it could scrape the information (or some of it) from Android itself, but this has nothing to do with the connection.
In terms of using public, open WiFi for sensitive communications, it's a bad idea. While they can't read the data being transmitted (as it's encrypted), they could record it, and attempt to break the encryption after you've left. Although this is unlikely to happen, as it's very difficult to break encryption of HTTPS transfers. Social engineering in the form of phishing attacks is a bigger risk, as an attacker could spoof the DNS server on an open WiFi connection, and direct users to fake sites to steal login information. This is mitigated by using apps rather than a browser (which probably connect directly via IP, or at least would be looking for specific responses from an API).
An analogy would be like speaking in a foreign language to a friend - those around you can't understand it even if they are listening, but if they record it they may be able to figure it out later. But for most purposes, it's safe - just wouldn't trust high-risk things like bank details.