I find the admonishment to use electrum in response to a message apparently concerned about security to be quite perplexing. Electrum is useful and interesting software, but it has a _much_ weaker security model.
GMaxwell, to address your perplexity: under some scenarios and for some people, the advantages of small on-disk footprint, undetectability, plausible deniability, and quick startup might justify the risk entailed in connecting to a potentially rogue Electrum server.
I have lived in (and still travel to) countries where buying and selling foreign currency is illegal. Not all Bitcoin users live in the USA or Western Europe, where currency controls are minimal and property rights are somewhat respected. Bitcoin's legal status is still up in the air, and it's likely to be eventually demonized or treated as a foreign currency by the more oppressive governments worldwide. For some people in some locations, it might be critical that forced searches and seizures of their computer do not reveal meaningful Bitcoin holdings or activity.
You can draw an analogy to holding gold. You can hold it yourself, or trust a 3rd party to hold it for you somewhere else. The former is undeniably more secure under peaceful conditions in a civilized country with strong rule of law and respect for property rights. But if you're a Jew in 1940 Germany with stormtroopers knocking on your door, untraceability and plausible deniability might be much more important.
Personal physical security is, for many of us, a higher-order need than transactional security.
BTW, unrelated to the above, there is another reason why, statistically, nonstandard clients might be a more secure option than the reference client, even with the risk of bad servers: they are less likely to be targeted by client-side viruses, trojans, and keyloggers. Perhaps virus writers have already started looking for Electrum installations and vulnerabilities...but perhaps not quite yet. For computers whose risk of getting infected is high (e.g. a Windows system shared among family members), it might be logical and prudent to always run the least popular and most lightweight client possible, even if it exposes you to the (arguably smaller?) risk of the "bad server" scenario you described.
PS: note that I have nothing but gratitude and admiration for the developers of the reference client, and understand that the goals and priorities of that project have to be carefully chosen given limited time and resources.