I still can't wrap my mind around why people wouldn't want to have compliance with AML and KYC to better help that this doesn't happen
The first part of your post was OK. But the second part shows your complete ignorance towards the basics of cryptocurrency. How KYC is going to prevent the exchange hacks? Most of the exchanges which were targeted by the hackers were KYC compliant. Cryptopia is a perfect example. On the other hand, BTC-e / Wex.nz which went without any mandatory KYC requirement survived for more than 7 years, before closing down due to unknown reasons.
What are your thoughts on having both KYC and AML complinace for exchanges?
I don't have any issued in undergoing the KYC formalities, as long as the exchange owners do proper audits on a continuous basis. KYC should not be used as a tool to harass the users, because I have seen it being used to deny withdrawal permissions. In case KYC is mandatory, then it should be compulsory at the time of registration. They should not suddenly ask for KYC, when someone is withdrawing his coins.