As I said previously, if an attacker is monitoring all the communications between the user's computer and the exchange, and has access to the files on the exchange, there isn't really much you can do in the way of allowing the exchange to safely create transactions on the user's behalf without the situation being compromised.  It's fundamentally flawed.  If the exchange has to create a transaction for the user, and the attacker has that level of control, then the attacker can withdraw coins at will.  They only need the decrypted private key to do so.

That's the point of this; it isn't to prevent an attacker withdrawing coins when the user is being observed making trades; it doesn't protect against that and quite frankly, I don't really see how anything could.  What the design does do is prevent an attacker from withdrawing coins from accounts that he hasn't observed.

This is in contrast to existing systems where an attacker can manipulate the system and withdraw any coins he likes, when he wants to, without having to observe anyone.  There are no restrictions on what an attacker can do to existing system.  That's what this paper set out to solve and that's what the design does.

As I said previously, until you can show me a solution in which the exchange can use a private key to create a transaction and an attacker still can't manipulate the transaction as it's being created, then there's no point in continuing the discussion further.