I'm far from paranoid, but I'm also never on the cutting edge (for several reasons).
Contactless isn't yet in the stage where it's viable to attack en-masse. Let it gain ground, let your frauds sink into the background of millions of exchanges a day, and then you can start playing with radios and authorising payments in the user's absence.
I'm just not convinced of contactless at all. Why not even just "contact". I have to tap the Oyster against the thing anyway, there are a plethora of 1-wire protocols you could use and then you don't have the "broadcasting radio messages on known frequencies" problems that you do with contactless. It's no quicker to get within a few cm's than it is to actually touch something. And at least if someone's tapping it, you stand a chance of detecting it with just your eyes or even electrically.
I have, however, sold (not directly, but got them to buy) many RFID-blocking sleeves to friends and relatives without even trying. I had a set. My friends/family saw them, asked what they were, bought their own - or an RFID blocking wallet.
All the current card technologies (Chip & PIN, magstripe, contactless) seem to be insecure, as far as I can tell. The only exception is where you're posted a secure pin-pad thing to authorise large transactions or direct debits - because those MATTER to the banks. You / the retailer getting stung for £20 isn't even on their radar, so they don't care.
Chip & PIN, especially, drives me mad. You have to enter your PIN into random box handed to you with different manufacturer and no verification of what it is, plug a number in, and that can be magically transported through the airwaves to verify at your bank. There are SO many holes there that you can drive a train sideways through them. Not least, I have no idea if I'm being MITM'd and the actual Chip & PIN machine is behind the bar and some guys is just recording PINs from his modified keypad, pretends it authorised, and then later uses them to perform the "real" transaction, plus the occasional fake one.
Sorry, I just don't trust it. Oyster itself went through several versions of insecure cards before it got sensible and yet the "insecure" ones are still just as valid for payment. Give it a decade or so, and I'll have a look again.