What system do you have in place to reimburse investors in your exchange if your contract is hacked or malicious code is entered into your website to have individuals deposit funds into another contract without their knowledge?
You do not really understand how smart contracts work from the sounds of it, perhaps go learn a little about them, again, for the third time, the contract CANNOT BE CHANGED OR ALTERED BY ANYONE INCLUDING THE DEVELOPERS.
He's asking about what happens in the event that either the smart contract itself or your website are found to have exploitable vulnerabilities.
If the contract is vulnerable it's possible it could be drained by a hacker.
If the website is vulnerable it's possible it could be changed to redirect users to deposit to a different contract.
The fact that the contract cannot be changed is orthogonal to both of these concerns.