I would prefer to see a report that the users have access to 100% of their funds and the exchange cannot access any of those funds. This is not hard to do now we have M of N signatures, why are exchanges wrapping software around naked private keys and declaring themselves secure.
How should that be possible in an exchange setting with sub-milisecond response times for trading?