Android has a built-in security service, called Verify Apps, that scans apps for malware as you install them. It operates on apps you didn't download from the Google Play store (which have already been scanned prior to downloading).
That leaves a significant hole. What if an app is clean, and thus passes the check, and then downloads a bad payload? If you don't regularly scan for malware on already-installed apps, you're still vulnerable. Hence the need for security apps like Lookout, which comes pre-installed on so many phones.
A post on the official Android blog today announced a solution: continual Verify Apps scanning. This should make sideloading a little bit safer, and give you a little more confidence about downloading from the Google Play store, too. Still, exercise caution with what you download and install, and pay attention to the permissions requested by an app!
There's no word on exactly when this update will roll out, but it can't come soon enough.