For example, you used the address of the exchange to receive Ethereum, and if you were credited with tokens, then you could not brand them, since you did not own the keys of this address. Now, if you specify the BTC address from the exchange, then this is also bad, because you can be banned, and the exchange will not give you the keys to such an address.
Centralized exchanges don't give users private keys or mnemonic seeds from which users can get private keys. They only credit public addresses to user accounts and it is different than non custodial wallets.
With non custodial wallets, like you use Metamask wallet to store your ETH, any token on Ethereum blockchain ERC20 will be seen in your wallet, if they were sent to your wallet by project (airdrop), bounty distribution.
If you use a centralized exchange account's public address, you will have to pray that exchange will list the token on their exchange for trading. If they don't list the token, you can not do anything.
Some bounty managers even remind that bounty hunters should not use exchange wallet address for receiving.
You, having a lot of experience, described my thoughts absolutely accurately and in detail.
I remember a case with an unsuccessful indication of Ethereum alres, because of which the airdrop flew to the stock exchange, and as a result was lost. A long time ago, my friend participated here on the forum in the distribution of AETERNITY tokens and indicated the address either on Polonieks or on Bittrex. As a result, a generous airdrop was visible at the address of the exchange, but the support from the exchange refused to help my friend in any way. And in the end, he only sadly watched the ghost of his tokens.