Not even if users can be attacked, sure phising is an issue but the biggest hacks have always been poor security on the part of the exchange i.e. coincheck not using cold wallets, if you don't hold the private keys then it's not in your control, as Andreas always says there are two types of exchanges ones that have been hacked and ones that haven't been hacked yet.