'Zactly.
I use a Mac and I have a Linux box that is standalone (local LAN only, no internet connection) where I keep the stuff I really care about. I also use time machine every few days. Have never, ever had an issue except for a stolen CC# (used to buy plane tickets in Russia) a few years ago - that was due to the CC company getting hacked (not me) and they didn't charge me when I contested it - the company offered a new card, I told them to keep it, closed my account and went on with life. It was a few years ago so I suspect they only got the CC# (if they'd gotten anything more I imagine it would have turned into nasty business by now, this was maybe 5-6 years ago). Thankfully I didn't (and don't) store my payment info. or it's possible they might've been able to go after my bank account.
Lesson: don't EVER store your payment information on anyone else's site or server and don't enroll in "auto pay" programs (since those necessarily keep your payment information on their servers, out of your control). Most companies now outsource their payment and data processing and the level of protection given to customer data in places like India or Bangladesh or Mexico or Vietnam won't be nearly as good as what's typically employed in the US (mostly due to liability concerns).
Another way to do it (if you're hell-bent on the "convenience" of auto-pay or saving your CC# info on other peoples' sites so you don't have to enter it every month) is to use a card with a very low limit or a debit card that you only transfer funds into to cover payments right before they post each month (although that might be as much or more work than simply manually entering the payment data in the first place unless you automate those transfers themselves I suppose...)
Or just have fewer accounts, fewer things to pay and worry about and live happier.
The biggest data crooks out there aren't Russian hackers anyway - they're big corporations with names like Google, Microsoft, Facebook, Verizon and Yahoo.
Private browsing, cookie blocking, Little Snitch and similar tools are your friend. If they want your data make it very difficult / expensive for them to get it, and make sure that even if they do, it's of little or no value as a profile. THAT is your best (really"only") protection against the Big Data crooks.