Indeed there are several exchanges that do not use email, passwords, or other profiles. Like the forkdelta using the MEW private key, Stellar that uses the Stellar private key, etc. But not apart from hacker attacks, and this has happened. But the exchange that uses e-mail security is also very safe from attacks, they make with high security. Api key, G.A, IP detection, etc. I have no doubt about the security used by exchange developers. Except new exchange. They are still in the testing phase.
not necessarily, you know the exchange of "coinsmakets" they use email and passwords but see what happens, hackers have taken all the assets there and all the people who trade there are crying because they lost all their money ... look now, their servers are down hacker attack
Indeed, there are exchanges that can be hacked by hackers who use e-mail or passwords, but the control power is higher. For example, every time we log into the exchange there is an email notification. I suggest that the email to register the exchange is activated on the smartphone. So that we can control at any time. But if the exchange uses a private key, is there an email notification. Of course not. Loss control.