But some hybrid wallets like blockchain.info are so secure.

They do client side encryption, js verifier makes sure any server attacks don't affect the wallets directly, allows user to backup their wallets the way they want, has some redudant backup options, two-factor authentication, and so much more. I don't see a reason why not to trust such wallets.

I agree there have been past instances where the server was comproised and users lost their wallets, but with such hybrid wallets if you are taking regular backups of your wallets you are pretty safe.

There have also been several bitcoin services where the owners ran away with the users' money.

I doubt any significant potion of the user base uses the client side verifier.