Someone might go shake him down and find out that this is nothing more than the MtGox hot wallet.
Actually, you raise quite a good point: operators of large e-Wallets like MtGox have a strong interest in implementing something like multiple signatures, for their own personal safety.
If attackers know that Mark (it's his name, right?) cannot cash out his entire wallet without his clients' signatures, there's no point in trying to force him to.
I don't know what to do with coins "locked" in the order book though. If you make a sell order that doesn't get filled immediately, the exchange must have access to the coins yet to be sold in order to transfer them whenever a buy order gets them. So basically all coins on the ask side should not require their owners signature to be transferred, since the sellers might not be connected when the order gets executed... but perhaps there's a way to require the signature of the buyer as well? The buyer is definitely connect at the moment the order gets executed. Or just put the deal on "stand-buy", email the seller and request him to login in order to confirm.
Anyway, even if there isn't a perfect solution for the coins in the ask wall, the other coins at least could be protected by multisig. I don't know what's the proportion.