How many users are verifying the signature of their wallet, how many are checking the software they're using. I bet they see it as open source, and just blindly trust it. Then, you've got people hosting their wallets on compromised machines or just poorly implemented security like weak passwords or sharing their credentials with people they trust.
I am usually extremely paranoid yet I sometimes blind trust software stuff myself. It is truly exhaustive having to deal with ALL kinds of verifications needed to know whether a software is truly legitimate and safe or not. Even if the software is Open Source and trusted by the Bitcointalk community, there is always a chance ONE single line of code turns it into something very malicious you should not trust. If you want it all to be 100.00% safe, you need to verify everything, including the source code. You have to build all software by yourself rather than installing DEB and EXE's.
On the other hand, you have Exchanges supposedly storing Cryptocurrency holdings safely. Then you find out there are people like CZ who are running their whole Cryptocurrency stuff off an USB stick. Even as a multi billion dollar company, the security may be more or less the same one you get by individually storing your own coins. That is, unless the company hires security experts and properly stores Bitcoin in a neat, close to perfect way. How many do this however?
The level of your Wallet's security depends on a lot of factors. It is very relative. And let us be sincere, none of us have the perfect, flawless way to store and use Bitcoin. Even the extremely paranoid ones still have flaws in their behaviors. But what makes an Exchange much, much riskier than self custody is particularly that you do not know how their (your) coins are stored. They may be stored by security experts. But chances are they are not. So why risk it then, if you have the choice to store them and meet your expected and wanted level of security?
-
Regards,
PrivacyG