I don't think it matters if the mac address is legit, spoofed or changed often, or if the phone has been binned.
If someone contacts them and says "Hey, I just checked my logs, someone connected to our Cafe's WiFi with that MAC address at 10:15am on the 35th of Febtober, and I checked the CCTV and there is a shifty looking guy sipping a coffee in a corner, surrounded by fireworks and empty boxes of nails, scrolling through facebook - want to check it out? I have the credit card number he used to buy his coffee" that'd be pretty damn useful.
