Everyone should be careful when it comes to centralized exchanges. I suggest that you should not use your personal email and of course password which you use in other places.
You are right. Not your keys not your coins irrespective of precaution measures you took. It's very important we always remember that no matter how secure how centralized exchange is, they can be hack and your personal information and assets can be toy with.
One can used personal email and password, it all depends on how secure you are with your account, I believe every crypto exchange has a 2FA which can be another precaution and measure for safeguarding once account.