In your scenario, there's malware in a non-apple app store. So what? It rightfully gets a bad reputation, people presumably avoid it, etc. Those who are more risk averse choose only to use the Apple app store. I'm not seeing the issue here?
If Apple want's to ensure that the platform itself is as secure as possible, that involves patching the underlying vulnerabilities. The presence of a third party app store doesn't affect that one way or the other.
How would mom know about the bad reputation? Download.com included toolbars with their installers (not a vulnerability, just shady) and only in rare blog articles were they called out on it. Multiple sites linked to them as a reputable download source for affiliate money.
The same way she avoids more open ecosystems like android? Presumably, the addition of another app store would be something she would have to actively seek out and do.
If Apple want's to ensure that the platform itself is as secure as possible, that involves patching the underlying vulnerabilities. The presence of a third party app store doesn't affect that one way or the other.