My guess is just beliefs. It's pretty similar to what happens in code at-least where i work at.
Dev tries to make it super flexible, tries to make it fancy, implement DRY like one's life is dependent on it ultimately resulting in a hard to read/maintain messed up spaghetti code.
Also i don't see how can a person know all of the security stuff with a beast like Android unless they spent/are willing to spend an insane amount of time on keeping up latest exploits, architecture etc.
It would be interesting to see if these users views stack up in practice or these are just beliefs that are not practically demonstrable.