1. You left out one of the most important parts of a VPN, namely for when you're using an untrusted wifi network. 2. I think you're overstating the shifting-IP problem. If nothing else, you should be using 2FA on things like PayPal anyway, so I don't really see how it requiring an additional step is somehow a problem. Meanwhile, if a site outright locks you out because of a login attempt from a different IP, it's time to find a new site.
1. Thanks. I've added that point. For public wifi network or untrusted one, VPN is surely a big help. 2. I don't mean to overstate the shifting-IP problem but I had a first-hand experience about this. It's easier to be said than done, to find a new site when you've been dependent on that particular sites. Don't you think?
It is easier, sure, but to me it shows a lack of knowledge on the part of the website that would make me wary.