diaboliquepsychotea My incentive for using GOS is not only security, but also data privacy.
My understanding is that many apps use components of Google Play Services/Store and the Google Services Framework (GSF) to facilitate notifications, telemetry, advertising, and other data manipulation.
Since apps can share data between each other with mutual consent, I assume at the very least that any apps made by the same developer will likely have some data-sharing enabled between them.
If I use an app that does not have network permission granted (for example, Gboard) but which can share data mutually with another app that does have network permission (for example, Play Services/Store), then I view that as a potential privacy concern.
I assume that any information collected via Google Service/Store APIs may pass through Google's servers on its way to wherever it's going, and therefore I try to minimize the amount of Google-dependent apps on my phone.
For this reason, I do not use the Play Store/Services, as they pretty much require network permission to function properly.