Our wallet address needs to be connected to the exchange in order to make transactions and that requires our approval, I don't think you need to worry too much because our wallets are not always automatically connected
When you do trade on uniswap it sends 2 txn, 1 for approval and another for swap EXCEPT if we swap ether because ether need not approval thus it is safe as it need one txn only. Metamask connected or disconnected, it has no role after sending approval txn.
The question is will some hacker in the future be able to call for a swap without the private keys of the victim? Because AFAIK unless there's a metamask of our account attached we won't be able to call up for a trade.
Am I wrong?
private keys give access to wallet for doing txn, but in this case you already approved the uniswap contract to withdraw usdt or any other tokens from your wallet and that too infinite number of that token. so once we approve it on any smart contract, that smart contract can use that much approved amount to withdraw. However for swap we need to make another transaction but for withdrawal, approval txn is enough. Please read the article i shared.