I think zero filling is overkill. Formatting will mark all sectors unused and they will be overwritten with new data.
In most of the cases you're right. However, if that were a guarantee, there would be no need for low-level formatting EVER. Of course, it is up to the user to decide to what level to push their protection. I'm just saying there IS malware that resides after formatting, it is just not that common.