When emailing a group, it is considered good email etiquette to always use BCC unless you have the explicit permission of each and every user to do otherwise.
Although many on your list gave you their email address so that you could keep them informed of a service or other information, they probably didn't sign up for their email to be shared with multiple others.
The point about their email address being exposed to malware/spam is a valid point regardless of who performs what/where scanning is done.
All it takes is one single person on that list to have malware on their machine and the potential for that persons mail directory/address book being lifted is increased and that email address in effect spoiled (as soon as it gets placed onto a spammers 'live' database).
A database of 'known' valid email addresses attracts a premium and malware still goes for scraping address books quite regularly .
Personally, I use 'throwaway' email addresses when in public view and keep private emails private and it reduces the amount of spam/malware massively. (I've also been involved in spam/malware fighting since the days when there was only 1 email server on the whole network although to be fair the first spam didn't official arrive until 1978, thanks DEC !!
If you run a business and expose users email addresses, that's even worse IMHO, yet there is always someone on that list who probably will be grateful for a whole list of valid email addresses.
A quick Google for "email etiquette" will provide you good reasons for using the BCC and how to do so properly. (i.e. don't leave the To: field blank).