Normalcy Bias
Just because it hasn't happened doesn't mean it won't happen.
The Android platform, as a consumer product, is only about 10 years old.... and now runs billions of devices worldwide. Nearly all the security problems that have occured have come from devices that were running old, out of date versions of Android and often loading apps from untrustworthy sources. Remember the good ol' days when you could run an app that could root your phone with a single click? Well, there are a ton of phones out there in the wild running that generation software, owned by people with a similar attitude.
But the problem goes beyond "my phone is up to date, I'm cool" See... you aren't. Hackers are getting much more sophisticated now and the primary attack is just a stepping stone. Remember that huge Target credit card breach from a year or so ago? That all started when some unsuspecting schmuck accessed the wrong site from the wrong poorly secured computer. One dude... one computer.... millions of people affected. IT departments across the land are scared crapless at the possibility of an incursion caused by a clueless/indifferent employee exposing the wrong bit of info on his junk old phone.
So while I own one of the most secure phones available, the fact that a rather huge chunk of the active phones out there are trivially easy to crack means that I am still at risk.