de0u I believe that, no matter how many times the question is posed, a strong confident answer that it is OK to do this will not be available. There will be some risk. I do not expect anybody will put a number on the probability.
Of course, there will always be some risk. However, whether that risk is negligibly small or un-ignorably high is largely dependent on what you use and what the circumstances are. And if those two things are known, I believe that reasonable assumptions/assessments can be made.
For example, if I were to use Qubes OS, I wouldn't worry a bit about connecting to public wifi. Qubes is set up in such a way that different software & activities of varying trust/security can be separated into different VM's, or in other words, qubes. That way, if one qube has malware or is compromised, that compromise is contained within that one qube and other qubes are unaffected.
Consider the many other features like disposable qubes(qubes that are erased once shut down, so that you start off from a clean slate the next time you start it up), network handling being given its own qube (which can also be made disposable), optional anti-evil-maid, and plenty more hardening under the hood, and you can see why I would have that peace of mind if I still used Qubes OS nowadays.
Even if the Qubes devs consider their OS to be only reasonably secure, it'd may as well be invincible for everyday use by the average Joe(as long as he follows basic precautions and uses the OS properly, of course) What's the likelihood that, for the 15 minutes you're connected to the free McDonald's public wifi, some seasoned hackers in that same McDonald's are going to target your machine by executing a series of zero-day exploits to bypass the compartmentalized structure of Qubes? You're not Snowden, and you're not wanted by state actors(at least I hope you're not), so I think you'll be alright.
However, I cannot take the same, relaxed stance when it comes to connecting GrapheneOS to public wifi, as it doesn't have that same kind of security by depth and compartmentalization (as far as I know) as QubesOS.
Not to mention, I know nearly nothing about how hotspots work. Knowing how they work would play a big role in assessing how risky using them is. Imagine if the way that hotspots worked is, when you share your hotspot, you grant the other device/phone permission to directly access your mobile network under your name/account. Contrast that with another method; if when you share a hotspot, the other device indirectly connects to the internet by connecting to your phone first before reaching the mobile network. This means that your phone would have to handle and funnel all the potentially-malicious data to and from the network for them. I'd consider the latter method a lot more risky than the former method, unless if substantial safeguards are implemented.
Once again, I'd love for somebody that has experience working with hotspots to chime in and settle this discussion.