Everybody can know that it's bad, yet one person may be ignorant and make the hack possible - you never know where the crack may emerge.
Can't deny but agree with that, even if the exchange company tries to enforce strict rules about not recklessly doing things like this, some devs with the prospect of getting additional side income can be blinded by greed.
I guess there's foolproof solution to this except adding more security measures.
At the end of the day the exchange themselves should know what's best to mitigate this.