Public companies have disclosure requirements, and sure for security purposes they might not disclose all of their custodians, but I am pretty sure that they have to use qualified custodians, and I am pretty sure that the topic of the custody of MSTR's coins has come up from time to time over the last 3 years, and how many specifics that they gave may be contained in their quarterly reports and I am sure that they are giving as much as they need to give legally.. but sure the questions of their adequately securing their coins could become a question of concern, even though they did seem to survive the 2022 situation in which several custodians were shown to have been irresponsible with their coins.
One interesting aspect is that, as far as I know, they are giving their Bitcoin to a single custodian (I will let you discover in the thread which one I am talking about).
I believe that I had already read about the conjectures about the single custodian and who it is, yet I am pretty sure that I had heard Saylor mention that companies have options regarding their custodians, which I had understood to imply that it would not be a very good practice to ONLY use one custodian.. but sure, you can tell from the way that I am talking about the topic that I have not either figured out specifics or investigated much in that direction.
On the contrary, I know other companies have made the exact opposite choice. The rationale is that, yes, spreading the custody over multiple custodians actually increases the risk of being hacked but diminishes the expected value of the loss, and this allows the enterprise to survive in such an event. No matter how tiny the chance of a hack to a single custodian, it puts the firm's existence at risk because a single point of failure is a no-go.
Surely, we are likely of very similar thinking on the topic, and I am pretty sure that may bitcoin pundits have suggested that MSTR should have enough technical expertise and even abilities to consult with counsel in ways that they should be able to figure out ways to self-custody at least some of their own coins but yeah, even with a company that seems to have been as open as MSTR (and Saylor), I cannot recall Saylor getting into a lot of detailed discussions regarding what their deliberations might be in that direction, including the trade-offs that might come from some of the self-custody and/or multi-sig options that might be available and usable for a public company, such as MSTR.
Another thing is that Saylor talks so much about a variety of topics, I could not imagine that he has not at least somewhat danced around talking about the various tradeoffs in regards to various custodial options that are available to them.