Exchange owners storing private keys in company emails isn't appropriate, it's what FTX did, other exchanges are professional with stronger security.
That's a big assumption to make, and one which is not true. FTX was the second biggest exchange in the world. Everyone assumed they would have decent security, and instead they had an unsecured group email account. Everyone assumed Coinbase had good security, and instead their data was being sold by a third party. Everyone assumed that Binance, that Bitfinex, that KuCoin all had good security, and all have been hacked and had coins stolen.
There isn't proof Binance, Bitfinex & KuCoin have better security to FTX. Their security could be worse we don't know. I made wrong assumption.
The fact is that we have absolutely no idea what security exchanges do or do not have. You are trusting complete strangers, who have shown time and time again that they are grossly incompetent. Handing over coins or data to any exchange is a huge risk.
We don't know about security used by exchanges that's why I don't use them. Big brands NordVPN & ProtonVPN publish transparent audit reports every year to gain trust. If Binance, Bitfinex & KuCoin did the same it wouldn't stop hacking attempts, we know security flaws can be discovered after audits but can third party published audits of exchanges be considered proof of security?