These exchanges should know that there have been many hacks in the past and that cold storage is a must. Minor hacks on hot wallets can be somewhat tolerated, but not multi million dollar losses
Indeed, at the very least only a very small percentage of funds should be held in hot wallets.
I'd prefer to see exchanges treating security like Bitmex: Full cold storage requires that withdrawals are not be available on demand. Withdrawals should be queued and manually withdrawn from cold storage. It's inconvenient, but when you consider past hacks were all hot wallet compromises, it makes sense.