This. The question of public WiFi often isn’t “can you keep your comms secure if you try”, but “will my average user who just wants stuff to work while traveling be better off on their own mobile hotspot or connecting to dodgy free WiFi?” Unquestionably, they’ll be better off avoiding public WiFi.
Applications like Outlook will warn you about cert problems but still let you bypass them. This could be better on the app side, but it’s a reality end users deal with. And when/if IT knows about it, it’s because the user complains that their laptop/Outlook is broken. The avg business user doesn't think about cert chains.