Use Play Store, don't use Unknown Sources
Still lots of fear about this - you don't need to be on Android 4.3 to be safe:
- If you only install from the official Google Play Store, you're fine - Google can scan their store server-side.
- If you don't install any apps, you're fine.
- Stay clear of Allow Install from Unknown Sources, which by default isn't enabled anyway.
- The vulnerability that trojans are installing via is a phone-side weakness, which is only a problem if the app source you're using (pirate app store, spam email or MMS containing installer) isn't vetting the apps before they reach your phone.
Re: stuck on Gingerbread are budget 512 MB RAM and/or 320x240 screens, they just don't have the grunt needed for the newer Android releases.
Lowest spec owned by my family members is a Galaxy Ace 2 and that's on an official Jelly Bean 4.1.2 now.
My almost 2 year old midrange Galaxy Nexus is running 4.3 like a pro.