Page.ly - no direct experience. Some people love 'em. Some loath 'em. They do remove control to add security and stability.
Firehost - a general secure host (e.g. not WordPress specific). Expensive, but very secure (they have HIPPA compliant hosting, which is ridiculously secure). Unless you need that level of security (e.g. you deal with patient data or financial data), it's just extra hassles and expense.
WP Engine - Personally, I've found them to be too restrictive. But some people swear by them -- many sites run fine, but the minute you go outside their narrow niche, things go badly fast.
The Gist:
You don't need any of these to run a secure site, but most shared hosts don't take security seriously enough. Heck, even Linode got hacked... so there's no silver bullets -- but you need to choose a host carefully, then layer security on top of theirs.
What I use:
I use a quality shared host that has excellent security (never had a site hacked there, even ones that were out of date). As an example, they block XML-RPC by default as most sites don't use it - enabling it is as easy as adding a line to .htaccess, but most sites are protected -- you opt-in to less security if you need it.
For bigger sites, I use a VPS at WiredTree -- they manage the server and keep it hardened against attack. Never had a site hacked there.
For managed WP hosting, I recommend Web Synthesis. They offer the flexibility of a VPS with the security of a managed solution. Best of both worlds in my opinion. Never had a site hacked here.
Sucuri is a great solution (plugin and service) as well to add into any site (is bundled with WP Engine's service).
Avoid:
GoDaddy (do I need to say why?)
HostGator and other cut rate hosting (you get what you pay for)
MediaTemple Grid Service (walls between sites are too thin, infections spread easily)
_________________________
Nick Ciske
@nciske