It doesn't have to be malicious by the gateway.
What if the gateway loses all the bitcoins through a natural disaster and a poor back up strategy?
Only trust gateways that are worth trusting. When sending USD, BTC, Credit Card numbers, Social security numbers, etc to a gateway such as MtGox, BTC-E, BitcoinStore.com, Amazon.com, Citibank, you must trust them to be good stewards of your BTC / USD / Credit Card / Data / Products.
Why do you see gateways in ripple differently from a local bank, retaurant, amazon, etc?