So that's the reason why services typically use 3 to 6 confirmations then, before my funds are accepted?
If my transaction's buried two blocks deep (2 confirmations) it's less likely to be in with a hacked or erroneous transaction and get orphaned?
It has nothing to do with hacked or erroneous transactions. It has to do with an attacker attempting to create a longer blockchain and replacing the current chain with his altered chain.
If an attacker has 10% of all the hashing power in the world, then they have a 10% chance of creating a new block before any other miner in the world. They have a 1% (10% of 10%) chance of creating 2 consecutive blocks before anyone else in the world creates a block. They have a 0.1% (10% of 10% of 10%) chance of creating 3 blocks before anyone else in the world creates a block.
As you can see, the deeper the block with your transaction, the more difficult it is for an attacker to start at your block and create enough replacement blocks to change the current blockchain.
Then three blocks deep even less likely to be orphaned? Then four blocks deep even less less likely and so on...?
The bitcoin protocol states that if you receive two different blocks for the exact same block height, then the block you receive first is the one you use. If you receive a chain of blocks that is longer higher than your current block height, then the chain replaces your current chain. This is how the entire network forms a consensus on the ordering of transactions over time.
Orphan blocks can happen for two different reasons.
Reason 1:
Two different honest miners just happen to both solve a block within milliseconds of each other. They both transmit their solution to the peers that they are connected to, and those peers relay the block to additional peers. Eventually peers start hearing about both blocks, and they choose the block that they received first, ignoring the other block. Once the entire network has heard about the blocks, we end up with a split network. Some nodes believe that one of the blocks is the current block, other nodes believe that the other block is the current block. Miners all base their work on whichever block they received first. Eventually a miner solves a new block and transmits it. Anyone that already has the block that this miner built on top of can simply add the new block to their chain. Any node that had received the competing block now has a chain of two new blocks that is longer than the one block they had previously added to their chain. They "orphan" the one block that they previously had, and they add the two new blocks in place of it. If your transaction had been confirmed in this now orphaned block, and if your transaction is not confirmed in either of the two new blocks, then anyone that had previously accepted the now orphaned block will see your transaction go from 1 confirmation to 0 confirmations while it waits to be included in a future block.
Reason 2:
An attacker broadcasts a transaction to the network, but creates a competing transaction that sends those exact same bitcoins to an address that they control instead of the intended recipient. The attacker keeps this replacement transaction secret and doesn't tell anyone about it. The attacker immediately starts trying to mine their own blocks with this replacement transaction in it. If he succeeds, he doesn't boradcast his blocks. Instead he holds on to them and keeps them secret. The entire network sees the original broadcast transaction with 0 confirmations. The attacker is trying to mine blocks faster than the entire combined mining of the rest of the world. Eventually the original transaction gets included in a block (1 confirmation) on the blockchain that the world can see. The attacker continues to try to mine more blocks faster than the world, and continues to keep them secret. Eventually the world mines enough blocks for the transaction recipient to be satisfied and provide the product or service that was paid for. If the attacker was successful in mining enough blocks fast enough then he has a secret blockchain that is at least one block longer than the public blockchain and which includes the transaction that pays himself instead of the victim. The attacker broadcasts this longer blockchain, and the entire network (using the rules of the protocol) switches over to the attacker's blockchain. The victim that provided the product or service suddenly sees the transaction that paid him vanish since it is no longer valid, and the attacker gets to keep his bitcoins.
The more hashing power that an attacker has, and the less blocks that he has to replace, the more likely it is that he will be successful.