We don't know. I'm not aware of a centralized exchange with a back-end code audit. If we are to measure security by instances of victims by such attack, then it is most likely safe; I have never heard of such a case, mostly because it doesn't make any sense. If an exchange is compromised, the attacker will empty their wallet; they will not try to convert it into their own phishing site.