I think your example of a Starbucks is a good one, and I'd be curious to know. The attacker has to go and physically sit in or near the Starbucks to do it, which is a strong limitation. They also have to have to have something worthwhile to do with what they steal. So that limits it to criminals with the knowledge to exploit this MITM attack who are willing to sit outside a Starbucks for long enough to harvest a worthwhile set of credentials.
I doubt that many credentials were stolen this way.
Again, what's the upside to waiting? It looks like zero to me. Minor convenience for Apple at best. Placing their own convenience over the security of their customers is bad.
I doubt that many credentials were stolen this way.