Google has confirmed that if your site is hacked it'll notify you via GWT and add a warning label in the SERPs.
How else would you like to be be notified?
If you don't use GWT you would only spot that notification in the SERPs.
If Google were to e-mail sites with a problem it'd make you wonder if it was a phishing attempt.
Do we really need Google to give us more ways to get in touch over malware and a hacked site?