OK, Gitsnik summed up the essay I just lost on passing the hash. To answer your question about rogue APs, the victim would have to type his password into an unfamiliar box in his browser, or be exploited in some other way, once he was on the attacker's network. If the user is that dumb, casually asking or making up an excuse to need his password might be easier.