the law attempts to cover those who try and secure their networks against unauthorized access. if you change the root passwd on your device, it shows that you are trying to limit access and you can claim you do not want "visitors" on your network. if you use encryption or MAC filtering, you can make that claim as well. if you leave the device as is, out of the box, it becomes harder to make that claim.

being that the law cannot force you to secure your wifi, the is room for interpretation, and i would guess that the intent of the visitor would come into play in the case where unauthorized access was gained to a default configured AP.

Many of the commercially available free wifi connections have a registration page which contains some sort of EULA, that acts to indemnify the hosting party, and designate their service as "free".