Generally, the private keys are kept by the exchanges stuffs or managers, there are risks that the exchanges will take away your coins, but I think some big exchange will not do that since they can make great profit to keep the exchange safe, instead of taking the coins away for a short time profit.
Yes. More profitable is keeping the exchange alive then just run with coin belong to its user. So choose exchange also important.
Dont just user exchanger service that has no popularity.