The main danger is a virus that infects everybody's phones and then takes control of the telephony modem, e.g. like a DDOS attack.

That's why you can't have root access to the modem even though you technically own it.

Viruses injecting code into the process of the app that you use to do online banking. obvsly. Or the app you use to do second-factor authentication.

You can protect against that by requiring the app to have a valid signature. You cannot guarantee that the signature is valid unless you can guarantee that the kernel has not been modified. You cannot guarantee that the kernel has not been modified if the phone has been rooted.

For what it's worth, my banking app for my Canadian bank (and the app which does second-factor authentication for web transactions when doing web-based online banking) will not run on a rooted phone. For good reason, I think.

My bank used to use SMS for second-factor authentication, but no longer does so. For good reason. When I do online banking from my desktop, I still have to use the second-factor authentication login on my phone. Or sim-less tablet, interestingly. Whatever the mechanism, is, it is not SMS based.