Though harmful, but this is still not as much dangerous as it can be if the exchange itself gets compromised, and we have seen that happening before as well with quite well-to-do exchanges. People surely have to keep their funds out of the exchanges whenever they are done with trading, everyday. Keeping your funds in an exchange for the purpose of trading again can cause you a big loss if something happens within the exchange.
One way of being safe from phishing attacks is using the mobile applications of the exchanges. You will face no such problems with the app as there you are not opening a website which minimizes the risk of your credentials being stolen.