That disagreement you witnessed encapsulates the growing schism between the Privacy and Security communities. Unfortunately as corpos and govts increase their passive surveillance, targeted attacks are also on the rise from malicious hackers or govts targeting persons of interest. While privacy and security were long synonymous with each other, we’re getting to a point where you need to choose which is more important to you. I elaborated my thoughts and my stance on this here: When Privacy and Security Conflict. Since I care more about thwarting surveillance capitalism, I happily use fdroid even though the possibility of compromise increases ever so slightly. What can I say, I like to live dangerously 
meanwhile play services exists only on a separate profile with a handful of google-dependent apps I thought I couldn’t live without, but it turns out I hardly ever even need to open that profile. What this accomplishes: instead of Play Services uploading info about my usage about 5 times a second, that firehose of privacy violating data stays completely shut off 95% of the time.
While GOS does sandbox play services and play store, unfortunately a lot of people misunderstand this to mean it prevents the constant stream of data being siphoned off your device, when that is not the case. It just means it has regular permissions and somewhat limited visibility of the rest of your system, and if you allow it network access, it will continue to do what it was designed to do, which includes uploading useage info. Sure, it has less info to pull in, but when I have the option of not running it at all, and using open source apps that respect privacy and aren’t a part of the surveillance capitalism ecosystem, I’d rather just do that!