It is the user who has to use the safe (i.e. securely storing api key / 2FA codes).
Binance can't force anyone to protect their password / 2FA code / etc..
But the issue wasn't that people were careless with their 2fa or passwords. The issue was that Binance had a security breach that circumvented these security checks.
I get that in crypto you are responsible for your own security - but in this case the problem wasn't the user, it was the 'trusted' and apparently 'safu' centralized exchange, who has such an inflated sense of self importance that they were considering risking the entire integrity of Bitcoin through a roll back.
I can't find any news stating that binance's security was compromised.