Bitcoin Core now uses deterministic wallets by default for new users (like most other Bitcoin software), so all keys are generated from the initial seed in the wallet and a single backup is enough to cover them for all time.
But by default, non-deterministic wallets have the next 100 addresses pre-generated. That's a lot for people not making a lot of bitcoin transactions. The "protection" that non-deterministic wallets give in case you're hacked is probably no use to most people.
If you ever notice funds from your wallet are stolen, even if you were using a non-deterministic wallet, your thought should be to reinstall your OS and move any remaining funds to a fresh new wallet. Not to keep using that wallet while the attacker keeps grabbing from it and telling yourself the problem will go away 100ish transactions later.
I guess there's attack vectors where an attacker gets hold of an ancient backup of yours that a non-deterministic wallet could have helped. If you think that type of attack is likely against you, you should just manually swap out to a new wallet (synced up to your backup schedule) instead of depending on the non-deterministic wallet's keypool being depleted occasionally.
The case that non-deterministic wallets actually protect anyone is slim (attacker only has access to ancient backups of the victim), and outweighed by the risk to the user that their backups will silently become out of date as their wallet's original keypool is depleted. I think everyone should forget about non-deterministic wallets. They're a historical quirk with few parallels to other systems.
I find your presumption that a Bitcoin wallet's balance should be immune to an attacker who gets a copy of it to be surprising and unfair. It's the same situation with any cryptographic keys: if an attacker steals your PGP keys, then they can use them to decrypt data or sign data for all time. If you want to protect against the situation of an attacker getting your old data, then it's up to you to rotate your keys (/wallet) and update your backups.