Sandboxing should prevent most of those issues. We can't control the users giving permissions to everything, but with more control on those permissions, or disabled by default, a phone should stay pretty safe, or am I missing something?
Be careful with this statement. The whole premise behind banks requiring non-rooted phones is "we can be sure that sandboxing works on the original ROMs—e.g., it will prevent malware from screenshotting our app, and we know that certain custom ROMs patch this snapshot-prohibition code out, thus deliberately breaking the sandbox that we rely upon".