I have used Android phones ever since the HTC Hero (the international "chin" model) came out, with 1.5 on board.
I have always rooted and modded my phones to my liking, and always employed common sense when choosing which apps to install and where from. NEVER had any malware/infection on any of my devices (currently own several of them).
Currently, Android is very secure IF the end user does NOT fiddle with the security settings (like USB debugging, rooting, allowing installs from unknown sources, and the like). I have personally done all of the above, but again, I have always taken care and used common sense (and a bit of knowledge) when picking apps to install (reading the permission list always helps, as well).
I always choose to trust my own judgement before trusting choices made for me by others (like a corporation).
Bottom line is, you don't have to mess with the default settings on your phone just because someone you know has done it before. This way your phone will be secure enough; just use common sense and/or knowledge. If you lack both, stay the f... out of the security settings section.