I do upgrade packages manually on my machine because I want to control when and what to upgrade. Security freaks could argue that it is not secure not to update computers frequently but I believe that chances to get hacked because of an outdated package are less than receive an upgrade that bricks your computer. The recent Canonical fuck up with activating experimental Intel SPI drivers in kernel that bricked some Lenovo laptops is a very good example. Another reason is the time needed to upgrade packages because apt-get is really slow. So basically I need to check what has been changed and only upgrade if really needed.