The bot can not directly access the funds. It can only indirectly deal through the API and only with functions that the user enabled. Either the user or the exchange can revoke its access anytime. Now our bot supports two centralized exchanges: Binance and Poloniex. If you have concerns related to the security of any of these options, let me know!
Is your bot open source?
The bot can directly access the funds, and being able to withdraw access after it's bet all your coins is not comforting.