How do you know what commercial-grade exchanges are? What work experience do you have working with commercial-grade exchanges?
I see you are using BigDecimal; why are you not using integer math? I would use primitive objects like longs to do all math operations.
I don't see any trading engine or even an outline. I hope you are not using Scala for the trading engine; that should be written in C or C++ to be considered anything commercial grade.
I haven't really looked into security, but I would treat this as a hobby project not a commercial grade anything.