The firewall in PCLinuxOS is not turned on by default in all PCLOS releases, so you will want to verify its status when the time comes.
As far as the VPN / proxy goes, you would be using the apps on your laptop, but routing the traffic over a secure tunnel to you home computer / server.
Using X over SSH is easier, as everything you need is already installed in all versions of PCLinuxOS. It also creates a secure encrypted tunnel, but instead of using the apps on your laptop, you lauch the apps on your home computer, but display them on your laptop thought the secure tunnel.
Both methods makes sure that the traffic is encryped as it passes over the wireless connection and through all network monitoring / filtering at the hotspot, all the to your house; the security is the same as if you were surfing from home.
The encryped tunnel does add some network bandwidth overhead, so it is not quite as fast as not using it, but if you have decent connection speed it does work well. If I'm doing things like online banking from locations outside my house, I use the X over SSH method, as the entire session is running on my home computer and is more secure (even from loss / theft); for general surfing I will sometimes use whatever connection is available without encryption.. it just depends on what you are comfortable with.
EDIT: just a note: SSH is probably the most targeted service by hackers because people will often have it running and use passwords that are not strong. There are a number of ways to add additional layers of security to SSH, so if you decide to pursue this method this is something you will want to address... I only have one user that is allowed to access my home server via ssh and that user has a very strong password. SSH keys and programs like fail2ban can also add more layers of security...