The analogy is that none of that information is encrypted, but is available to anyone who has the card. The SSID is equivalent to all information that is available unencrypted. Oddly enough, none of your credit card information is encrypted or even hidden since you keep it on a card that you give to people in order to make a purchase. Tha’s the equivalent of broadcasting all that information to that person.
The PIN for debit cards is at least slightly better, although I doubt any of you would send me a scan of your credit card and then challenge me to figure out that four digit pin.
And you guys are forgetting one major thing: the network is not always available if you are using a laptop. If you go outside the range of the laptop, the laptop will detect the exact same situation as it does if you turn off the SSID. That was my point before: there is no way that turning off the SSID changes how the laptop chooses to interact unless there is an option that must be changed.
Fortunately, I know a lot more than I did back then.
The way it works is pretty straightforward. The SSID first checks for any broadcast SSIDs in the area. If one of them matches the one it needs to connect to, it connects and asks it for the password. If it doesn’t find the device, then the connecting device asks for a certain SSID, not any passwords or encryption. The access point can lie and say that it has that SSID. Then, and only then, does your device send the encryption information.
So, as I said, the scenario is the same whether the SSID is hidden or not present, both of which are likely scenarios. The only real protection is to disable that second step (asking for a certain SSID) on the connecting device. Otherwise, the only time broadcasting an SSID is more secure is if you can be sure that the network would always be present.