I personally think people demonize exchanges and their safety. Holding coins on different exchanges with different passwords is still a better way than holding all the coins in one personal wallet on your computer. If a hacker gets access to your computer, he would still not be able to access your coins on any exchange that has 2FA enabled.
Well, it can happen, but I keep all my stuff on a hard drive that is unplugged after use. The main thing about keeping coins on exchanges is that they can delist them or keep you from transferring.