For escrow purposes, I don't think multisig is the correct solution. Users may lose/mishandle keys. At the end of the day, the site needs to sign the tx anyways. So you could prevent the transaction from ever taking place anyways. Also, many users may be deterred by the additional complexity. You need to garner trust through reliable, logic action.

As for general security, I can't imagine multisig being a practical solution for regular operation/facilitating transactions. For a cold wallet of unused coin, maybe. As long as you handle site security properly, you needn't worry about a malicious actor compromising funds.