If you compare all the web wallets listed you can see that they all share the "centralized" and "remote app" bullet points. Yes, we could do something about it but the solution is not technically trivial, so I don't have a good answer for you, at least speaking for the short term. As for "vulnerable environment", we could add two-factor auth. The reason why it's not there is because we started off as a mobile web app - 2FA doesn't add much to security if one uses the app from their mobile browser.