BitOnyx: It doesn't make sense for you, because you have a smartphone, and can hook it into your bank. At some point, you have to have fiat. Some people don't have a bank. Some people have a bank, but could live in an area where btc is frowned upon. Some people have a bank, but their bank doesn't like bitcoin (many accounts have been closed even when doing nothing 'wrong', because the bank doesn't understand it). Some people live in an area with differing money laundering laws than others, and don't wish to be put under a microscope by anyone.
netbin: If your crypto is on anyone else's computer (like an exchange) then you can't be 100% sure of anything. Their computers could be top-notch, but an unscrupulous employee could empty it all. Long passwords are great to deter intruders, but don't help on an inside job. If it's on your computer, it's 100% up to you. Do you use Windows? Do you torrent anything? Do you visit web sites? Do you have effective malware filtering on your email? Do you follow good security practices? Do you live in a high crime area? Do you have outdated electrical wiring, or a wood stove (burn your house down)? Did you jailbreak your iPhone?
100% security is impossible, but we can eliminate the most likely things. If you use Windows, even though you keep your anti-virus up to date, there are *always* zero-day viruses that are not even known about by your virus profiles. If you are being security conscious, you should not let anyone (wife, kids, friends) who is not on your wavelength of taking care of things use your computer.
Unless you are a high-power day trader (and you are probably not) there's no reason to keep much fiat or crypto on any exchange. Offline cold storage with distributed backups is the safest way to hold your crypto.
Coinbase is to be commended for Americans; they have had to comply with AML/KYC laws for all 50 states. They are a convenient way to buy with ACH transfer, but only keep a small amount on there to buy things, or give/sell to friends/family, and move the rest off. They have an easy SMS method to buy, sell, send and check your balance, that works on any phone, and doesn't require you to install anything.
Good practices are using strong passwords for your crypto that you do not use anywhere else! Don't use that favorite one you use because it's easy to remember. Don't make your passwords any phrase from any book/song/movie/play. Dictionary attacks will try every word there is. There are attack dictionaries of song lyrics, movie quotes, Star Trek lines, and everything else. Pick a phrase that only means something to you, "When I was a kid, there was always SOMETHING I wanted to be older for." Use the first letter of each word, and the punctuation, making it WIwak,twaSIwtbof. and throw in a shift 567 (making %^&) at the end. Of course don't use that phrase, because this is public...
That's long enough, and random enough that it will certainly take more years to brute force (trying every combination of letters, and symbols) than you will have this computer, and maybe longer than you will live. As long as it's a phrase that means something to you, it will quickly be easy to remember.
Paper wallets are great as long as you can secure physical access to them.
Truecrypt encrypted USB keys can be good as long as you trust the key to not die. Don't use it, make copies and keep them in multiple locations. Learn to use a Linux LiveCD to generate paper wallets, and crypto addresses. If you have a thousand-character password, it won't help if your Windows box gets a virus with a keylogger, they still get everything, everywhere available from your PC.
bitcoinfiresafe.com is good for long-term storage, QR codes drilled into metal blocks (no affiliation, just a happy customer).
If you do all of these things you still aren't 100% secure, because there is no such thing. You will be very, very safe, however.
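The first-letter scheme from the post above, as an added example that is not part of the original thread: it derives the password from the quoted phrase and estimates the exhaustive search time. The guess rate of 10^12 per second and the US keyboard layout for the suffix are assumptions.

```python
import string

# Phrase and suffix are quoted from the post; the guess rate is an assumption.
PHRASE = "When I was a kid, there was always SOMETHING I wanted to be older for."
SUFFIX = "%^&"              # shift + 5, 6, 7 on a US keyboard layout
GUESSES_PER_SECOND = 1e12   # assumed offline attacker speed, not from the post
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def mnemonic(phrase):
    """First character of each word, keeping punctuation attached to the word."""
    out = []
    for word in phrase.split():
        out.append(word[0])
        out.extend(c for c in word[1:] if c in string.punctuation)
    return "".join(out)


def pool_size(password):
    """Alphabet size a brute-force search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def brute_force_years(password, rate=GUESSES_PER_SECOND):
    """Years to try every string of this length over the pool.

    This is an upper bound: first letters of English words are not uniformly
    distributed, so a targeted attacker needs fewer guesses than this.
    """
    return pool_size(password) ** len(password) / rate / SECONDS_PER_YEAR


PASSWORD = mnemonic(PHRASE) + SUFFIX

if __name__ == "__main__":
    print(f"password : {PASSWORD}")
    print(f"length   : {len(PASSWORD)}, pool: {pool_size(PASSWORD)} symbols")
    print(f"exhaustive search at {GUESSES_PER_SECOND:.0e}/s: "
          f"{brute_force_years(PASSWORD):.1e} years")
```
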