Is it not the case that Bitcoin exchanges are unregulated? As such, isn't it the case that their fiduciary duty extends to doing what they see fit to keep customers assets secure?
No, a fiduciary duty is determined by the circumstances, not by formalities. Some formalities, such as actually being a banker, have statutorily established financial duties, but whether a fiduciary duty exists is a case by case determination. Service providing bailees have some form of a fiduciary duty, have duties to protect the assets entrusted to them, and are liable for failure to do so.
Whether or not Gox was a registered or an illegal operation, it acted as a currency exchanger, and can't really fall back on "but I was lying and I was really running an illegal operation" as a defense. The relationship was that people would deposit money (BTC or fiat) into Gox, which would hold it for them, and charge them for the service of exchanging it for another currency, then allow it to be withdrawn.
I.e. that money never belonged to Gox in the first place. They solely held it for the benefit of another, and it was there for the purpose of Gox providing services, for which they were paid, to the real owner of the funds. That establishes a fiduciary duty pretty much anywhere.
(Note: I have not read the Mt. Gox TOS or other such documents, and can't seem to find them. They might try to disclaim such a duty in there, which would have been wise considering how they were running their "business.")