Lets take Coinbase as an example. If coinbase is only a hosted exchange and doesnt actually have the keys available, as they are held in cold storage, then what good are those keys to begin with if they are not required to convert to cash?
Coinbase have the private keys but they control them. An exchange have most (and not all) of the funds in cold storage for security reasons. If they get hacked, the cold storage cannot be touched so they basically limit their losses. They still have a hot wallet where they process withdrawal automatically.
If someone was to hack into my computer and take control of my account and transfer my coins out, they dont have the actual keys, they just have the coins that are keyless, yet they can trade those coins without the keys and cash them in.
Again, Coinbase have the private keys of the addresses you have in their site. If a hacker gain access to your account, he will withdraw to "his address" that he have the private keys of and coinbase will authorize this withdrawal transactions since the hacker have the email, password, 2FA or whatever.
So what the heck good are keys if I dont need them to convert to cash? They seem to be totally useless if somebody can just steal your keyless coins, put them in another account and then convert them to cash without even NEEDING the keys. That seems like a major flaw to me??
A private key is what allow you to spend bitcoins from an address or sign a message (proof ownership) from an address, It has nothing to do with converting bitcoin back to cash. There is no keyless address, coinbase just choose to not show them to their users (just like any other exchange) while wallets like Electrum give you total access to your funds.