Google Wallet can be as secure as a physical card at your favorite retailers - or even more secure, considering tokenization makes cards stolen in recent hacks such as the Target and Home Depot breaches useless. But how do you keep someone else from stealing your phone to pay for stuff? How do you keep the other side of your digital wallet secure? Well, it's quite simple, and coming right up.
Passwords and PINs
The first thing you can do to secure your wallet and phone is lock your phone. Lock your phone! LOCK YOUR PHONE! If you're going to have an app on your phone that acts like your credit card, you better have a lock on the phone itself. In addition, there is the PIN passcode within Google Wallet itself. We have three options concerning that PIN's timeout period: 15 minutes, 1 day, never. Use the first one. The second if you absolutely have to in order to use tap-and-pay in the bowels of the Underground or some cave somewhere.
There are also apps that will password protect sensitive apps or directories for you, should you need to use the 1 day timeout out of some necessity or simply wish to keep your locked Google Wallet behind another lock.
Progressively track your card
In an age of almost regularly-occurring credit card breaches, you should probably do this anyway. Regularly check your bank accounts, especially for cards that you use online. Also check your transaction history, which is hiding at the bottom of the main page in Google Wallet. If you see something's up, you can quickly deactivate the card and order a new one before they do too much damage, though as most people know, it really only takes a moment to wreck up someone's credit card (and credit score).
Keep it out of sight
If you want to take things to the next level, there are a few ways you can hide the app itself on your phone. Consider swiping it out of recent apps after you finish using it, or better yet, hide the app. Don't have a shortcut to it on your homescreen, or if you must, don't have it visible and obvious. If you're using a launcher like Nova or Apex, have a gesture or swipe control launch Wallet, since most people won't figure out your gesture controls quickly, assuming they even know what those are.
The other fun thing you can do is hide the app in plain sight. Launchers like Nova can also let you apply a new name and new icon to individual apps on the home screen or in the app drawer. So you could make the app a complete blank, or you can turn Google Wallet into some low-key utility no one would bother with. Not only do I do this with Google Wallet, I also do it with Google Authenticator (you should be using this app, too, by the way) and other sensitive apps.
Be vigilant. Be sneaky. Be smart. And you should be fine. Google Wallet has the benefit of actually being able to be more secure than your physical credit card. If someone mugs you and steals your wallet, they can use the card until you cancel it. If someone mugs you and steals your phone, they have to get through the device lock (LOCK YOUR PHONE), find the app that you've hidden away, unlock the app if you're using an App Locker, unlock Google Wallet using a PIN they probably didn't think to give you, and then find a place that uses tap-and-pay, which while not rare is certainly not that common either, at least in the US.
And remember, folks, that you can disable Google Wallet remotely by logging into Google Wallet in a web browser, just as you can log in and track the phone using Android Device Manager so you can take back your phone or at the very least wipe it.