There are two points I would make about third party audits. First of all, they simply move the trust requirement. Instead of trusting the entity itself, you are now trusting the auditor. They still don't allow anything to be independently verified by the user themselves. And secondly, even if you do trust the auditor, they only show a snapshot at the time of the audit. Anything could have changed between then and now.

Not at all. In addition to the points I made above in regards to VPN providers, when it comes to exchanges, there is even more unknowns. The proof of reserves which many exchanges are starting to publish is easily tampered with or altered to make it appear more favorable to the exchange, and proof of reserves without proof of liabilities is absolutely meaningless.

There is no way for a user to ever verify completely the security, privacy, or solvency, of a third party they are using. The only way to do this is to keep your coins in your wallet.