Re: Oh dear.
They can copy your network SSID and create an "Evil Twin." Then spam you with deauth frames, and then spam you with broadcast advertisements carrying that SSID. I've done it at home for shits and giggles (to my own devices, obviously).
Someone mentioned the Wi-Fi Pineapple which has all of this built in. It's easy to do without one.
Protected Management Frames (802.11w) can protect against the deauth spam, but I'm not sure many home telco routers use that.
But yeah, I turned off auto-fill ages ago.