Changing the security level is a user decision only, from my experience. So you would be reasonable in setting it to level 2 for normal circumstances, and then manually increasing the level (temporarily) if you find the site under serious attack through the live traffic feedback, or more general media reports of a widespread attack on WordPress sites (such as the DDoS reported back in March).