Only one confirmation is risky.
Cryptocurrency, being a peer-to-peer supported commodity, has to have more than 1 valid opinion in order to be accepted network-wide.
And 6 confirmations isn't that long IMO.
Once again there is no one size fits all. If you are selling $20 steam games 1 confirm is likely plenty. An attacker is taking a significant risk attempting to double spend, the risk is in potentially orphaned blocks. Blocks have economic value and someone with TH/s of computing power has real costs. The benefit of a double spend ($20 game stolen) is outweighed by the cost of failing (orphaned blocks worth $3,000 each).