Here is what I do to secure my Android device:
1: Unlock the bootloader, flash a CM or custom ROM that doesn't sport crapware.
2: Encrypt the device with a screen locker PIN of 4+ digits. I personally use six for this, just for ease of typing.
3: Use "su -c vdc cryptfs changepw foobar" to change the passphrase. This separates the passphrase Android asks for at boot versus the screen unlocker PIN. Of course, if you change the screen password, the cryptfs password will change, so you will need to use root and change it again, or use an app for this.
The advantage of this method is that the boot password can be very secure, while the password to get past the screen locker can be easy to type in.
4: Relock the bootloader. This forces someone to have to erase the data partition if they want to reflash.
5: Install a third party security app like Cerberus or Lookout that can locate and remotely erase the device, or just sound a siren until the holder trashes it. Some utilities can go into /system and persist against wipes as well.
6: If the device has an SD card, consider using an EncFS app to mount and store files under. This way, anything written is immediately encrypted.
7: Use Titanium Backup Pro with encryption and saving to a remote cloud provider. TB's encryption is remarkably sane (it uses private/public key, so the passphrase is only needed on a restore), and storing copies of backups remotely means that data is still obtainable even if the phone is lost. It does require root though.
8: Unless directly in use, keep USB and ADB completely off until needed.
9: Use a utility that demands a PIN before various apps can launch, especially preferences and an app that pops up a console/shell window.
10: Use a TRIM utility that runs in the background. This way, if the data isn't encrypted, it does not exist.
These will help protect data on a phone. If stolen, the attacker would have a few guesses on the PIN before the device locks them out. A reboot will force the attacker against the full passphrase. A data wipe will still mean Cerberus or a security program is still in /system, forcing the thief to completely reflash the phone to a factory image (ensuring all is gone).
Of course, there is the physical hardware loss, which insurance might cover (Asurion for example), and stored data can be recovered via Titanium Backup. However, done right, an Android phone can be made decently resistant to theft or physical attacks.
The reason why one should use a utility to PIN-protect apps and app groups is in case the phone is swiped before the screen locker comes on (for example, directly out of the user's hands). That way, assuming preferences and other settings are secure, a thief has limited run of what is available on the phone.