It's yet another example of biased risk-awareness.
You can take a service - let's say...a calendar. You've got a choice of going with provider A, who will give you a product that's free but with a few adverts and some behind-the-scenes data-slurping and the possibility that any details you give them may end up being sold in bulk by whichever unscrupulous group has compromised the security of that organisation.
Or you go with company B, who don't give you adverts, don't mine your data and invest heavily in their cyber-security platforms - but it'll cost you £10 a month for a product of a comparable standard.
Probably 95% of people would go for the former, and accept the risk that there's a very slight chance that some of their credentials will be compromised. If company A doesn't need your address and bank details, then the compromise is an inconvenience to the average user. If company B is compromised - and let's remember that no connected system can ever be 100% secure - then potentially you'll be exposed to a significantly larger loss - not just getting spammed for viagra and russian brides, but you may lose real beans-and-beers money from your bank account or credit card.
So yeah. I don't like the message but I kind of understand it. It feels like people increasingly see "being hacked" in the same vein as getting a speeding ticket - you do what you can to avoid it, and if it happens you'll be annoyed, but it's not the end of the world.