Spare me the numbers because that is not the focus of this discussion. I will be productive here as you wish. So I will show you the illustration and show you where your security understanding is flawed.
The original usage of VPN is as follows
Here environments A and B are secured environments via firewall and facility hardening may it be application hardening, gateway hardening or even physical facility hardening. They are not connected using dedicated lease line laid point to point physically and connected via the Internet, which is inherently an unsecured network. In order to allow network traffics to secured traverse between these 2 networks, VPN are setup where each environment host their own set of VPN gateway(s). Is this the SECURED usage of VPN.
Now. Your usage of VPN is as follows
What goes out of the VPN server towards your intended target is INSECURED. You can't sue the VPN service owner because they did what they promised. a SECURED line from your host to their VPN gateway. But what goes outside of their network is not under their charge. Internet traffic are not END-POINT to END-POINT. They hope between multiple gateways. Your VPN service, NO MATTER HOW REPUTED THEY ARE, have NO CONTROL over any hops outside their own network. While they provided eavesdropping between your host and them, they not TOTALLY NO CONTROL thereafter. As such, someone who is eavesdropping after the network packet traverse outside the secured channel is susceptible to sniffing. Your usage of VPN DO NOT OFFER END-POINT to END-POINT security. As such, you are only under the impression that you are secured but you are actually not.
If you want to argue that at least you have partial security from the WIFI sniffing. My answer to you is be prepared for whatever confidential information such as your credit card info, your personal info and so forth to be intercepted elsewhere. Those that sniff your WIFI is normally small time hackers. Good ones is not interested to target at just one, but a whole lot. They will likely hack into gateways in the middle and compromise them for such purpose. They are not targeted at you only.
Here I shall give you an illustration of SSL/TLS. The underlying security channel concept of HTTPS.
HTTPS provides end-point to end-point encryption to give you a secure channel. But this is not all. In order for proper security to take place. First there is a circle of trust to be established. This is enforced using X509 certificate which is validated by decent browsers. Any applications that skip X509 certificate validation at the end-points and just use SSL is still susceptible to MAN-IN-THE-MIDDLE attack using certificate swapping.
Please do not sell that VPN used in your way is secure. The next thing is your find people believing in your half-baked knowledge about security and start using VPN and then exchange confidential information, without the full knowledge that beyond the VPN service, their network packets are traversing in unsecured Internet.
I have said and would repeat once more. Please get yourself acquaintance with proper Technological Security topic before making the statement that your current usage of VPN is secure. There is obscurity from some parties, but NO SECURITY.