Keeping an up-to-date blog and plugins somewhat reduces the risk of being hacked, but does not eliminate it. Here some things to keep in mind:
First of all, security vulnerabilities are sometimes revealed to public without vendor notification.
Most chances are, that the vendor will not know about this matter until somebody points it out (and this is rarely the case).
In this situation, there simply is no safe version of plugin to run, and most users do not even know that they are at risk.
But even when there is an official fix in an updated plugin version - users won't update. Simply because they are not aware of a critical security issue with plugin and prefer not to update the plugin (For various reasons, most common one being a lack of will to configure the new version of a plugin again)
There are more considerations to this matter, but the two above make a sufficient argument for a third-party security solution like 6Scan.
akingsail, thank you for your kind words!