Re: bitfloor needs your help!
by DeathAndTaxes on 05/09/2012, 13:04:12 UTC
Board: Service Announcements
If we can't trust the website giving commands into the hot wallet, [edited:]how can we trust that same website to collect and offer the hot wallet valid and intended commands to pull?

Well, no security system is absolutely foolproof.  Even a 100% cold wallet can be compromised by physically attacking the cold wallet and/or operator.  The idea is to make the attack harder.

The hot wallet can validate commands internally.  For example it could limit the tx based on:
a) limit per hour
b) max limit until supervisor reset
c) limit per tx/address
d) limited to only preset withdrawal addresses (ad hoc addresses may be allowed but at a lower limit)

If the attacker can't steal the keys directly, and must send commands to the hot wallet indirectly, the attack becomes more difficult and the amount limited.  It is possible the attacker doesn't know that a withdrawal request of 6,000 BTC will trigger a lockout and in doing so prevents him from stealing anything.  Combine that with sending all incoming funds to a cold wallet and only keeping say 10% of total funds in the hot wallet and the potential theft becomes even more limited.

Even simply limiting the size of the hot wallet to say 10% of total funds and doing nothing else would have limited the attack to ~$20,000.  That is a bad breach but far easier to overcome than a complete loss of funds.
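As an added illustration of the limits (a) to (d) and the 10% hot-wallet cap described in the post above (this is example code, not bitfloor's software and not the poster's code), the sketch below enforces the policy inside the hot wallet itself, so a compromised front end can only submit requests and never bypass the checks. The thresholds, address strings and timestamps are constructed for the example; the lockout check runs before the per-transaction cap on purpose, so that an absurdly large request locks the wallet instead of merely being refused and letting the attacker keep probing.

```python
"""Hot-wallet withdrawal policy engine (added example; assumptions are marked)."""
from collections import deque
from dataclasses import dataclass, field
from decimal import Decimal


@dataclass
class Decision:
    approved: bool
    reason: str


@dataclass
class HotWalletPolicy:
    # All thresholds below are hypothetical values chosen for the example.
    hourly_limit: Decimal               # (a) total approved per rolling hour
    lockout_limit: Decimal              # (b) max total since last supervisor reset
    per_tx_limit: Decimal               # (c) max per tx to a preset address
    per_address_hourly_limit: Decimal   # (c) max per address per rolling hour
    adhoc_per_tx_limit: Decimal         # (d) lower per-tx cap for non-preset addresses
    preset_addresses: frozenset         # (d) addresses the operator pre-registered
    window_seconds: int = 3600
    locked: bool = False
    total_since_reset: Decimal = Decimal(0)
    _history: deque = field(default_factory=deque)  # (timestamp, address, amount) of approved txs

    def _prune(self, now: float) -> None:
        """Drop approved txs that fell out of the rolling window."""
        while self._history and self._history[0][0] <= now - self.window_seconds:
            self._history.popleft()

    def authorize(self, amount, address: str, now: float) -> Decision:
        """Validate one withdrawal request; only approved requests count toward limits."""
        amount = Decimal(amount)
        if self.locked:
            return Decision(False, "wallet locked; supervisor reset required")
        if amount <= 0:
            return Decision(False, "amount must be positive")
        self._prune(now)
        # (b) A request that would push the running total past the hard ceiling is
        # treated as hostile: lock the wallet first, then reject.
        if self.total_since_reset + amount > self.lockout_limit:
            self.locked = True
            return Decision(False, "lockout triggered; supervisor reset required")
        # (c)/(d) per-tx cap depends on whether the destination was preset.
        cap = self.per_tx_limit if address in self.preset_addresses else self.adhoc_per_tx_limit
        if amount > cap:
            return Decision(False, f"exceeds per-tx cap of {cap} for this address class")
        # (a) rolling hourly total across all destinations.
        hour_total = sum(a for _, _, a in self._history)
        if hour_total + amount > self.hourly_limit:
            return Decision(False, "exceeds hourly limit")
        # (c) rolling hourly total for this one destination.
        addr_total = sum(a for _, addr, a in self._history if addr == address)
        if addr_total + amount > self.per_address_hourly_limit:
            return Decision(False, "exceeds per-address hourly limit")
        self._history.append((now, address, amount))
        self.total_since_reset += amount
        return Decision(True, "ok")

    def supervisor_reset(self) -> None:
        """Manual, out-of-band action; the web front end must not be able to call this."""
        self.locked = False
        self.total_since_reset = Decimal(0)


def cold_sweep_amount(hot_balance, cold_balance, hot_fraction=Decimal("0.1")) -> Decimal:
    """How much to move hot -> cold so the hot wallet holds at most hot_fraction of all funds."""
    hot_balance, cold_balance = Decimal(hot_balance), Decimal(cold_balance)
    target_hot = (hot_balance + cold_balance) * Decimal(hot_fraction)
    return max(Decimal(0), hot_balance - target_hot)


if __name__ == "__main__":
    # Constructed walkthrough with hypothetical limits and addresses.
    policy = HotWalletPolicy(
        hourly_limit=Decimal(500), lockout_limit=Decimal(2000),
        per_tx_limit=Decimal(200), per_address_hourly_limit=Decimal(300),
        adhoc_per_tx_limit=Decimal(25),
        preset_addresses=frozenset({"preset-addr-A", "preset-addr-B"}),
    )
    print(policy.authorize(150, "preset-addr-A", now=0))      # approved
    print(policy.authorize(30, "adhoc-addr-X", now=10))       # rejected, ad hoc cap
    print(policy.authorize(6000, "preset-addr-A", now=20))    # lockout triggered
    print(policy.authorize(1, "preset-addr-A", now=30))       # rejected, locked
    print(cold_sweep_amount(1500, 8500))                      # 500 to move to cold
```

The important structural property is that `authorize` and `supervisor_reset` live on the wallet side of the trust boundary: the website can only ask, and the wallet keeps its own counters, so a hijacked front end that replays or forges requests still runs into the same caps.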