The levels of security are really quite shockingly poor if you're prepared to mess around and look carefully, aren't they?
I'd actually disagree with that.
I have a rooted Android phone (in fact, it was one of my primary considerations when purchasing) and I'd say my phone is more secure now than it was when it was running Samsung's stock firmware.
I have control over my own system, and have applications running that require root access daily. I have the power to vet all applications on my system and restrict what system resources they can access (rather than the more traditional Android model of the app giving a list of demands, and having access to everything it wants 100% of the time). Nothing accesses root without a confirmation from the user, with the exception of one application which has been granted it permanently (it runs 24/7). Most apps which aren't root-aware or don't need it still run within the standard Android per-app security environment which locked versions have.
As with anything, if you download and install applications on any system (Windows, Mac, Linux, etc.) and blindly say 'yes' when it asks for administrative access, you get what you deserve. That's no less true on rooted versions of Android. It's like saying Windows or Linux have poor security when users blindly click 'yes' to everything without considering what they're agreeing to.
Of course, I am someone who is employed to be a professional power-wielder (SysAdmin) and who knows what is and isn't right to be doing with that power. I certainly wouldn't recommend it to 99% of people.