Good security is expensive. Exchanges don't want to spend money and lose out on profits. We have seen time and time again that exchanges can be subject to huge security breaches and lose thousands of customers' KYC data, and people don't care. They will continue to use them and continue to trust them, even though they can't be trusted. Why would an exchange spend all that money on good security for their users, when their users will continue to use them regardless? So instead they opt to tender their KYC processes out to the lowest third party bidder, with predictable results.

This is a poor reason to complete KYC. If you have different, strong passwords for both your email and your Binance account and use a secure method of 2FA for both (not SMS or SIM based), as well as practicing basic security practices such as not logging in on public computers, then the chances of your accounts being hacked are minimal. If your Binance account was hacked, then you should be able to recover it from your email address.

If your account was hacked, and any coins you had on it stolen (although they shouldn't be since you should be storing all your coins in your own wallet), then what good is recovering the account anyway? You won't get your coins back. Risking your KYC documents for this reason is pointless.