Risk Management.
You've done your due diligence: unique email/pass, 2FA, VPN.
No such thing is "safe".
There are only 2 types of companies: those that have been hacked, and those that will be hacked.
Pretty much. All exchanges will be hacked, and some will be hacked beyond recovery or ability to compensate. When I got into Bitcoin years ago, one would have expected Cryptopia to simply disappear in a situation like this -- like Cryptsy and others did. Cryptopia probably could have handled things better PR-wise, but people should be happy they're getting anything back at all. The alternatives are Gox, Cryptsy, etc.