Hi, most of the problems in the past about stolen money was caused by some leak in the online servers.
What guaranties do you put in to avoid being hacked?
If an attacker hacks your server, it can do whatever they want, specially they could wait for some big accounts to log in, send fake JS to the client, send a hacked updated version of the app to chrome, etc.
I only see that it is probably harder to hack than blockchain.info, but still you are somewhat vulnerable.
I'm not saying they would be able to sustain that problem for a long time, but one day or even some hours doing so could be catastrophic for all users using the service at those hours.
Am I wrong?
No, you're not wrong, but "security" has so many facets, that you can't simplify the problem to just a couple of sentences either :-)
A couple of points:
a) You can't guarantee against being hacked. Security is not a feature you finish - its something you work on forever. But what you can do is to build a system where the damage of an attack is minimal. Since BitGo doesn't have two keys, the attacker wouldn't get anything immediately by breaking in. As you point out, he could "lie in wait". Keeping the bitcoins safe is much easier in this situation, because it is now a matter of quickly detecting the intrusion rather than having to protect data. Unlike coinbase, or other traditional online services, we don't have large pools of bitcoin waiting to be tapped. Every user has their own keys, so each user is individually partitioned. This makes it much less attractive to the intruder to attack.
b) You correctly point out that to date, press-worthy attacks have been primarily against online services. This is true. But its about to change. The reason the attacks have been against online services is because we've been naive and secured large pools of bitcoin behind a single signature! The attacker breaks in, and instantly has access to all customers funds that use that service. Both blockchain.info and bitgo avoid this problem by having each customer retain his/her own keys. Using multi-signature on top of that protects from malware as well.
c) There are many people that think their desktops are safer for their wallets. They aren't. They're only safer than online wallets that use single-signature tech. Hackers have already started to retool their malware (and about 30% of all home computers are breached already). Those tools will be in every desktop wallet and simply take the unencrypted keys. You need to use multi-signature for sure, and to make it easy, you're probably going to want to use a service for that second signature. The service can implement dynamic, real-time updates to its fraud checks in ways that your desktop wallet never can. I have a lot of paranoia about desktop software.
Mike