Jasper You want to get deeper? Let's go (while not getting too technical here hopefully). For my last post in this thread.
Only for reference: I'm referring to the OSI layer model (probably not the best to describe this, but the most familiar one).
We've assumed we're connecting to network we don't trust (for whatever reason).
Your non-secure area (public wifi) resides on layers 1-3 (Physical, Data Link, Network)
OpenVPN (one of the most common applications within this area) by default (TUN) works on layer 3 (Network).
TLS / SSL works on layer 5 (Session) (between TCP (Transport) (4) and HTTP (Application) (7)).
You want to be as secure as possible? Go down as low as possible.
How low can you go? As already stated above, OpenVPN with (by default) layer 3. You can go down to layer 2 with bridging mode (TAP), though.
You don't know the possible threats. And i don't know either. Otherwise they probably wouldn't be any (real ones).
TLS definitely adds a comfy part of (felt) security. Is it enough? For the lulz.