A few words about major websites....
In terms of "only visiting major websites"......
What if someone, or something (virus etc.) edited your hosts file ? Changed your DNS settings to point you to mischievous DNS servers ?
What if someone, or something setup an inline HTTP proxy to alter your BBC browsing experience ?
What if someone hacked the BBC and put some malicious files up ? (don't say it will never happen, I can point you to lists of many "major" websites). Plus there's always the prospect of the "inside job".
What if a page on the BBC site had an iFrame ? Displaying content from a remote site in a BBC border.... what happens if that content becomes malicious ?
What if you received an email purporting to be from the BBC telling you to visit their website to read something of interest to you ?
Variations on the theme include cross-site scripting attacks etc.
In summary ..... treat the internet..... the WHOLE internet.... as untrusted, and keep your wits about you at all times.