regarding the confidentiality of your files, you're right - the files are encrypted on your device, a man-in-the-middle could not read them, and the certificate pinning of our software prevents an interception of the communication between our server and your system.
However, there are a lot of other attack vectors that go beyond keeping the confidentiality of your files, and make VPN useful. Example: While nobody can read your files, you don't know how well HiDrive itself is protected against MITM attacks. The truth is, once an attacker is able to put himself between you and the servers you're trying to access, there is a very high chance that he will be able to either get into your system, or steal some data/credentials (not of Boxcryptor, but of other services).
Therefore, I still recommend using VPN in an untrusted network.