Android changed this year. SafetyNet does make the android eco-system more secure. However, it does not make an individual phone any more secure for the end-user.
SafetyNet is a bit like tripwire. It does a verification of running root-level processes and sends a signed device checksum off to Google. If your device is rooted / has malware / etc. then it won't pass this check. There are no indicators to the end-user that something bad has happened to their phone except that any apps that use SafetyNet will no longer work - e.g. Pokemon Go, Android Pay and the PlayStore.
The phone will still be usable, you can still side-load apps etc. so this actually encourages end-users to continue to use a phone that's probably got malware.
Oh and you can still root a phone, then unroot it and it'll be happy again. This is a security layer that benefits the the app developers only, no more cheating at online games.
However - I would hope this change would give the vendors a real motivation to release updates. If Apps are "No longer compatible with this device" because they are not keeping the phone updated with new releases, then you'd have a real legal case to return the phone. Not so much in the US, but the EU has good consumer protection.