dcollins23, sorry that it has taken so long to reply, but we have this new project at work which has been keeping me plenty busy.
First, there is a huge difference between having physical access to a phone, and having to perform a hack remotely, over the air. If someone can gain physical access to your phone, the sky is the limit. It will not matter whether your phone is rooted or not. Applications can be installed to 'back door' into most all mobile phone platforms.
OTA, or Over The Air access, is an entirely different beast, and it is here that I've discussed how dangerous rooting your phone can be. If you don't use your phone as a smartphone, then by all means, root away. You won't be harmed when someone steals some of your songs, pictures or videos (if they're not pron!). If however, your phone has confidential corporate data, correspondence, financial info (your Paypal or Amazon account for instance, or as I've mentioned, your banking info) you may want to think twice.
Now, I won't go into specifics about how to hack a rooted Android phone, but I will say that it would be foolish to accomplish this over a carrier's network, as your actual IP address would be logged. You would likely be traced and your identity detected by the carrier's fraud department.
Rather, the successful way to do this would be over WiFi, in an airport or Internet cafe (Starbucks, Caribou, etc). There, someone could use a laptop running a 'Live' Pentest version of Linux, their computer's MAC address spoofed to cloak their identity, in order to detect your open device and attack it, all while you blissfully surf the web or download that last minute PowerPoint presentation you will need when you visit a client. Once your phone's MAC address (a specific hardware identification specific to your device) is known, and something like a keylogger or rootkit installed, you are PWND and OWNED!