In actuallity the Debian security team does a fine job of doing security upgrades in testing. This is actually a new repo and process at Debian reflecting the increased use of Debian testing as a production OS.
I normally run testing as my production OS and therefore do not use the code name for any particular Debian version in my sources.list.
cynwolf has it exactly correct, putting the Wheezy security repo in Jessie is simply a silly waste of space. The packages referred to by that repo have nothing to do with the packages in your installed package list, they are older and you will therefore get no security upgrades at all.
Use;
Code:
deb http://security.debian.org/ testing/updates main non-free contrib
where "testing" can be "jessie" if you do not want to have your system go on to the next dev cycle but stay with the Stable repos when Jessie becomes stable.
As this is fairly new, Wheezy was the first to recieve security upgrades when still testing, many people are not aware that the security team took over the security upgrades. In fact the security upgrades were always put in and usually were in place when packages migrated from Sid to testing. They were, however, handled by the individual package managers just as they are in Sid still.
It is true that some may be a bit behind in the speed with which security upgrades are released in comparison to Debian Stable. The priority for Debian is to build and maintain Debian stable.
You, as a user of Debian Stable must know that there are not many of those security upgrades, however, in Stable. I no for a fact that I got the ssl security upgrades in testing the same day they were deployed for Stable. For that matter I got them for Sid that same day.