So if I understood well, the smart contracts holding tokens itself was safe, but the website hosting it and the route leading to the website wasn't...
Now, when we type etherdelta address, how can we be sure it is the right etherdelta ?

Cheap and half solution : type in the IP address instead of the name. This will prevent a DNS hack attack if I am not wrong. But this won't prevent the etherdelta website itself to be hacked...