Somewhat true. On a phone it's almost impossible to get to the files containing the encrypted mnemonic. Hard code encrypted as it is. The apps are sandboxed. If you choose to hold your coins on a rooted phone, well that's your problem right there.

Secondly, the desktop side which is more exposed. The hacker needs access to your drive, to your files. If you can't secure your computer to not be breached, then again, you shouldn't be holding Jaxx or any wallet on your desktop.

They are comfortable with this approach for the moment as some of the responsibility is also in the hands of the coin holder. There are also developments to increase security.
Stop spreading FUD Hive account@kingscrown. People that have these levels of breaching should get their own security on par with the industry trend. If you forget your credit card on a counter, is it the bank's fault that your funds get stolen?