ASICMINER shares are tied to addresses. Exchanges hold the shares themselves; they are passthroughs.
We use Google's 2FA security model - you can disable 2FA without entering the code in case you lost your phone - this requires you to have a signed in session. Sessions are both IP and user agent locked.
Our site is secure against XSS attacks, as well as CSRF attacks.
Thanks for your feedback! One of the directions we may be going into is a multicurrency wallet with a built-in exchange. However, we also want to focus on the core for now.