Any system (wireless AP, website, ATM, etc.) based on simple username/password or PIN (what’s sometimes referred to as pre-shared key) is subject to impersonation (intentional or not) or MITM (Man In The Middle) attacks. That's not to say the other guy's router would make this easy by simply dumping this information to a log. After all, the manufacturer of the device doesn't want to have a reputation for making good equipment for hackers! In fact, that's why some are reluctant/ambivalent about letting ppl install third party firmware on their hardware. It creates the potential to develop rogue wireless APs designed for this purpose.
So yes, this is ALWAYS a potential threat. But that's a compromise made by vendors to keep things simple and convenient for consumers.
There are other ways to do things that would minimize such threats. For example, anyone using SSH is strongly encouraged to use public key encryption (public/private key pairs) instead of username/password for authentication. Or in the case of wireless APs, perhaps a Radius server. But these significantly complicate the authentication process for the average, everyday consumer. So they’re rarely employed except where the risk is much greater and such measures are to be expected.
Even for myself, while I use public key encryption for my SSH sessions, I don’t worry all that much about the wireless AP. For one thing, your wireless client is always going to see and connect to the wireless AP w/ the strongest signal. So the risk from a rogue wireless AP, while not zero, is certainly low (iow, proximity matters). But if you think the threat is real in your case, perhaps it’s time to consider something other than wireless (wired connections always have been and remain far more secure than wireless).
As I say from time to time in these forums, except for the convenience, in all other respects, wireless sucks. As soon as you adopt it, you open yourself to all kinds of issues; security, performance, cost, complexity, you name it. But we sure loooooooove the convenience, don’t we.