Can I request an IP lock option and logging of account access (both options as per blockchain.info)?
Also, all withdrawals or moving of shares within the system to be confirmed by both 2FA and email. Email confirmation should be required, or at least on by default.
Furthermore, proof of each user's funds on the blockchain at all times - see gmaxwell's suggestion or use another blockchain-based method. External security audit on security and cold storage methods?
Security on Havelock is far from what it could be, and for it to be trusted, given other episodes, this really should be high priority. It would also allow more users to come on board and more trades to happen.
It's time users pushed exchanges hard to get these things done. Some are harder than others but essentially there is no excuse. If they aren't being done, that would be worrying.
This is not a criticism of Havelock, as all such services have some growing up to do, but I am sure we would all like to know how security is being beefed up and have evidence that no fractional reserve is being used.