(Earlier reports either said or implied that the default Wi-Fi Sense setting not just opted users into being able to use it, but automatically shared joined networks. Colleague Ed Bott put the kibosh on that.)
This prevents an actual network effect, in which sharing a network would quickly cascade across six degrees (whether Kevin Bacon is involved or not), so that every Windows 10 user would have access within a few weeks to every shared network by any Windows 10 user. Microsoft's design prevents that.
Windows 10 also puts in a kind of local firewall for users who access a network through Wi-Fi Sense, which is very similar to the Guest network feature added to Apple base stations a few years ago. Locally available resources--like computers, home-sensing devices, printers, and the like--can't be reached because Windows doesn't provide network routes to them.
Sense and Sense's ability
Microsoft's approach is better thought out than the advance word led me to believe. At each opportunity for access to be spread farther or potentially expose network users, they've clamped it down. However, it does introduce risk by allowing first-degree acquaintances of those who have password-based access to a given network and who choose to share it.
As with all such risks, the question is how useful is that vulnerability to exploit, and how much effort would it take? Malware targeting Windows 10 could potentially intercept or decipher passwords delivered for network access. (The passwords must be locally cached in some fashion, because without Wi-Fi network access, Windows couldn't request the encrypted form on demand to connect to the network in question.)
And while Windows 10 blocks access to local resources, it's possible again that malware could bypass that resistance, and that block doesn't exist if someone recovers the password. However, on balance, it seems unlikely that there's a good vector to exploit that would harvest enough passwords or network access that were useful enough assuming malware could be developed to do so, because the value of a Wi-Fi password is only in your physical proximity to a network. A Wi-Fi password doesn't help with a remote network break in.
Apple chose a very different approach with syncing Wi-Fi passwords. Starting in iOS 7.0.3 and OS X 10.9, enabling iCloud Keychain copies Wi-Fi passwords among all devices that use the same iCloud login and likewise have the keychain feature enabled. This is nice at coffeeshops: I've logged in using a password on my iPhone, and then my laptop automatically connects a moment later. Passwords are protected using encryption information particular to you. Even though it's synced via iCloud, Apple lacks the pieces necessary to decrypt those items. (This is distinct from photos, contacts, and the like that can also be viewed at iCloud.com, which by necessity Apple has to decrypt to show to you.)
Sign up for CIO Asia eNewsletters.