My view of security is this: it is a multi-layered process. Do everything you can think of. Even top websites can have a zero hour exploit. So, you don't download shady apps. But on THIS day some person decided to attack THAT website and people downloaded bad stuff as a result that wasn't even the fault of the original programmer. It's the wild, wild west these days. Or you get redirected to some website because you clicked on a tiny url in Twitter and it turns out to be something pushing malware in the background. You should have something like Lookout or AVG, absolutely.
In addition to their malware prevention and URL examinations, they also provide great features for things like finding your phone when it's lost; wiping data remotely from their website if it is stolen. Two-step verification, for instance, in Gmail makes it really hard to hack--unless they steal your phone. Then, you're in trouble. But with these services, you can lock down the phone or even wipe it clean remotely.
Lookout even has the phone camera take a picture if someone mis-enters a security password three times, and emails it to me.
It's not that expensive even for the premium protection. You also shouldn't assume it is 100% foolproof. Nothing is. Continue to exercise caution.