In a nutshell, exchange sites like Mt Gox need to hold the private keys to your bitcoin on their server.  That is how they are able to send them to someone when you want to spend them.  If you don't feel comfortable with someone else holding your money, transfer it to a local private encrypted wallet that you control yourself.