It really depends on what you're going to be doing on the public network. You definitely shouldn't do any banking or log into any accounts you value. In general, wireless has a lot of issues when it comes to security, because of the fact that the signals are propogated through the air as radio waves, and they cannot be physically confied and controlled, like wired networks can. It's just simply impossible to physically control the medium of data transmission, with the exception of using special paint and window coating to prevent or greatly limit signals from reaching outside the outer walls of a building. This isn't applible for your usage of public wifi though.
It's possible for hackers to set up fake wireless access points, victims connect to them, and then they intercept their traffic. This is called a man in the middle attack. If you were to fall victim to a man in the middle attack, if you logged into a site that uses plain text, unencrypted http, like bleepingcomputer.com, when you log in your credentials would be intercepted. Also, your login session cookie could be hijacked, even if the BC login form used https encryption for the authentication. Furthermore, even when you log into sites that fully use https encryption throughout the whole site, including during authentication, and even after authentcation, you could be tricked into accepting the attackers SSL certificate, which would allow them to decrypt your traffic. Have you ever seen something like this in your web browser?
It means that the SSL certificate cannot be verified. During a man in the middle attack, an attacker could intercept your web request, present you with a self signed certificate, you would receive a prompt like this, and if you clicked "I understand the ricks" and proceeded, the attacker would now be able to decrypt and view your traffic. It could even be done with a Java applet, and would look less suspicious. I can't find a screenshot after some quick searching, but in that case your browser would pop up a dialogue asking you to run a Java applet, and it would say it's signed and verified, and secure. You click run, and you're owned.
The best method for using public wifi in a secure manner as possible, would be to set up either a SSH server in your home network, or a VPN in your home network, accessible externally through the internet. When you are on public wifi, you'd either just SSH into your server, or establish a VPN connection, and you would be using your home internet connection for your web browsing or email or whatever. You could of course use a VPN service like the one you describe, but it's always safer to use your own network because you control it.
As far as proxy.sh, I looked on reddit and it seems people aren't too happy with them because they've done some logging to catch hackers, and users consider it a violation of the trust they put into them.
But as far as their service being malicious, and as far as your MBAM alerts regarding IP addresses, I don't know. Have you checked on proxy.sh's web site to see which IP addresses you should be connecting to, and compared those with the IP addresses MBAM is alerting you to?
Edited by irvin_than_allyl, 26 October 2015 - 12:15 AM.