If your Wi Fi router is hijacked (which is a bit more thorough than simply obtaining your Wi Fi password), then the attackers will be able to see every byte which leaves your computer or enters it. Theoretically, safe Web browsing is still possible thanks to SSL.
Granted anyone nearby can always interfere and cause denial of wifi service without knowing your password (e.g., often turning on a microwave oven will interfere with all wifi traffic being sent to you).
Or have their own computer/router that they fully control that sends impersonated messages as you or your router.
He can easily get your online credentials, there are numerous tools to achieve this.
The most important thing here is to secure your system, even if the network gets hacked.
The attacker just need to search for the default user/pass combination for that particular router in the internet, after he got access of the network.
If the attacker gets router level access, then he can access/capture the data of each user on the network.
There are tools which scan your system for all types of OS/software vulnerabilities.
Once a vulnerability is found, the attacker uses it to get access through a terminal in your system.
At this point, he can access all files in your system.
If there are some files, which you can't afford to be exposed, it's better to either encrypt those files or use software like folder lock.
They also will know when and how much encrypted data is being sent.