Is my computer at risk of being hacked when using public Wi-Fi?

  1. Maybe. The question is not whether there is a possibility that someone might be able to hack into your computer; the answer to that question is always yes, it might be possible. If you are connected to a network, we can't rule out the possibility that someone might be able to attack you. Rather, the right question is, how big is the risk?

    In your case, if you use good security practices, the risk is pretty modest. Good security practices are things like turning on automatic updates to keep all programs updated with the latest security patches, using anti-virus, using a firewall (should be enabled by default on Windows 7), and not visiting any site that requires a login over public Wi-Fi.

  2. Not especially risky. It sounds like your practices are relatively safe.

    The biggest risk has to do with visiting Stack Overflow: because you are using a public Wi-Fi network, and because Stack Overflow does not use SSL (HTTPS), if someone there were malicious, they could steal your Stack Overflow login credentials and take control of your Stack Overflow account. They might not be able to learn your Stack Overflow password, if you never type it into your browser while using public Wi-Fi, but they could still learn the authentication cookie that's stored in your user and that's used to log you in. At that point, once they have the authentication cookie, they have control of your Stack Overflow account.

    However, this risk is relatively modest, because it's just your Stack Overflow account, and let's be honest, it's probably not the end of the world if someone steals your Stack Overflow account. The Stack Overflow folks know about this security risk, and they've been asked to adopt HTTPS to mitigate this risk, but they have declined to adopt HTTPS because they consider the risk to be of low-severity and they consider Stack Overflow accounts to be not important enough to be worth worrying about very much.


I'd argue that anytime you're in a situation where someone can inject themselves into the data stream between the user (you) and any server/service provider/content provider, you incur a higher level of risk than not.

First, let's look at the attack surface of your laptop (I'm assuming you're referring to a laptop here). Every computer can be a client or a server. In many cases, it can be both. There's increased risk when your laptop runs as some sort of server for an application because running as a server usually implies that the laptop is running a service that is accessible by someone. The risk becomes exaggerated when server software isn't properly patched or when there's a new attack vector that the vendor has not issued patches for. Do a Google search for services like BIND, Sendmail, SSHD, and you'll start to see that there are some vulnerabilities that are remotely exploitable. Fundamentally, this means that when your laptop is accessible by someone and there's a vulnerable version of some server software, then it's possible for an attacker to gain access to your computer. This access might be limited to certain parts or it could provide the attacker with admin (root) rights. It depends on the vulnerability and the service. Most OS's today usually come with some form of host-based firewall. However, some people tend to turn off firewalls. Some other people might open access to certain applications, especially if running a server service is authorized.

Second, another attack vector is network services. When someone can inject themselves into the data stream, an attacker can modify traffic in transit. Consider that most public hotspots don't implement high levels of security and wifi is provided as-is without any warranty. If you look hard enough, you may find the hotspot and trace it back to some sort of switch/router. In such instances, an attacker can easily inject themselves into the data stream and start sniffing sessions. A more advanced attacker could easily make themselves into a proxy and launch man-in-the-middle (MITM) attacks where all sessions pass by their systems. SSL/TLS might provide data encryption, but an attacker that's injected themselves into the data stream could easily see the contents of encrypted traffic as well.

To answer your question, can someone hack into your computer and see what you've downloaded? It's certainly possible. But I'd argue that a malicious attacker will likely attempt to install some sort of malware on your system to extract more valuable data in the long term than an access list of downloaded software.

Is what you're doing risky? Yes - every action comes with risk. Any public network simplifies the launch of an attack. Consider the ease with which anyone can set up a wifi hotspot. You'll likely see wireless networks like "Free Wifi" or "Free Hotspot" in many locations. Many users are smart enough not to connect to those networks. However, what if you went to a coffee shop and saw a wifi network called "ATT" or labeled as some coffeeshop name? The same people that avoid "Free wifi" networks may choose to connect to someone that looks more official.

With that said, if you have host-based firewalls enabled, consistently patch OS and applications (i.e. Flash, Acrobat, Office, etc), use some sort of AV (not really effective against modern malware (i.e. 0day) but still affords some level of protection), don't enable unnecessary services, and perhaps use a VPN connection, the risk of compromise will be lower overall. At the same time, attackers are becoming more organized and are after money. So if you don't access banking sites, access or store data that is sensitive, or otherwise use the laptop in such a way to not access sensitive data, then you'll be at lower risk of losing important data (i.e. identity stolen, loss of corporate data, etc).
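One way to check the attack surface described in this answer, added here as an example that is not part of the original post: the Python sketch below reads `netstat -ano` output and lists the sockets listening on non-loopback addresses, which are the ones other hotspot users can reach unless the host firewall blocks them. The sample output and the function name `exposed_listeners` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the format of Windows `netstat -ano` (not real output).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       832
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.23:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.23:50012     203.0.113.10:80        ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:49670            [::]:0                 LISTENING       2000
  UDP    0.0.0.0:5353           *:*                                    1500
  UDP    127.0.0.1:1900         *:*                                    1600
"""

def exposed_listeners(netstat_text):
    """Return sorted (proto, address, port) tuples for sockets bound to a
    non-loopback address, i.e. services the local network can talk to."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or unrelated text
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept
        # inbound connections. UDP has no state, so every bound socket counts.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        try:
            # Drop IPv6 brackets and any %zone suffix before parsing.
            addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        except ValueError:
            continue  # unparseable address column; skip rather than guess
        if not addr.is_loopback:
            found.add((proto, str(addr), int(port)))
    return sorted(found)

if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} is reachable from the network")
```

Anything this reports that you did not intend to offer on a public network is a candidate for disabling or for a firewall rule.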


I don't go on sensitive sites

You don't, but your computer does

You don't, but the software you are using might go to the most security sensitive servers: the repositories where they automatically download software updates.

These repositories are the most possibly security sensitive "sites" for you because if they were hacked (modified) or if some impostor were able to impersonate these servers, you would get, and possibly install, modified software. This corrupt software might then steal your passwords, copy your files, etc.

So the answer is:

Is the automatic update protocol secure? (for every program I use)

(The answer is a question, and I don't know its answer.)

I don't go on sensitive sites

You don't know where you are going with your web browser

You can't know where you are going to "go" when using a Web browser.

You might browse only nicekittenphotos.com, but this site might include resources from other domains (and you can't know that before going to nicekittenphotos.com - even if you have checked before, the site might have changed).

For example, many sites include scripts from google-analytics.com (http://www.google-analytics.com/ga.js). This implies that your www.google-analytics.com cookies are sent.

This works for any website where you have cookies. A rogue Internet gateway could collect your non-secure cookies on any website.

If you are logged in to Google, your login appears in some HTTP pages returned by Google and YouTube, so it would be possible to learn your Google account name.

If these HTTP resources were modified by a rogue gateway, this could impact other more important web sites. If these HTTP resources are stored in the disk cache, this could impact other web sites for a long time.

You can mitigate this threat by emptying your browser cache after you disconnect from public Wifi.

I suggest that you use private browsing mode.

You could also use Tor, to trade the risk of a rogue Wifi AP for the risk of a rogue Tor exit node.
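The cookie exposure discussed above, and the authentication-cookie point in the first answer, as an added example that is not part of the original posts: given the cookies a browser holds and the URLs a page load triggers, this Python sketch works out which cookies travel over plain HTTP where a gateway can read them. The cookie names and values, the host `forum.example`, and the simplified RFC 6265 matching are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header, origin_host):
    """Parse one Set-Cookie value as received from origin_host."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value, "domain": origin_host.lower(),
              "host_only": True, "path": "/", "secure": False}
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            cookie.update(domain=val.lstrip(".").lower(), host_only=False)
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key == "secure":
            cookie["secure"] = True
    return cookie

def matches(cookie, host, path):
    """Simplified RFC 6265 domain and path matching."""
    dom, cpath = cookie["domain"], cookie["path"]
    host_ok = host == dom or (not cookie["host_only"] and host.endswith("." + dom))
    path_ok = path == cpath or (path.startswith(cpath) and
                                (cpath.endswith("/") or path[len(cpath)] == "/"))
    return host_ok and path_ok

def cleartext_cookies(jar, urls):
    """Return sorted (host, cookie name) pairs sent over plain HTTP."""
    exposed = set()
    for url in urls:
        u = urlsplit(url)
        if u.scheme != "http":
            continue  # HTTPS request: encrypted in transit, not counted here
        for c in jar:
            # Cookies without the Secure attribute ride along on HTTP requests.
            if not c["secure"] and matches(c, u.hostname, u.path or "/"):
                exposed.add((u.hostname, c["name"]))
    return sorted(exposed)

# Constructed cookie jar and page loads (all values made up for illustration).
JAR = [
    parse_set_cookie("uid=constructed123; Domain=google-analytics.com; Path=/",
                     "www.google-analytics.com"),
    parse_set_cookie("session=constructedABC; Path=/; Secure; HttpOnly", "forum.example"),
    parse_set_cookie("auth=constructedXYZ; Path=/", "forum.example"),
    parse_set_cookie("prefs=dark; Path=/account", "forum.example"),
]
LOADS = ["http://nicekittenphotos.com/", "http://www.google-analytics.com/ga.js",
         "http://forum.example/avatar/1.png", "https://forum.example/account/settings"]

if __name__ == "__main__":
    print(cleartext_cookies(JAR, LOADS))
```

Only the cookie marked `Secure` stays off the wire in cleartext; the `auth` cookie is exposed by a single image request even though no login page was visited.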