one thing that you have to know is that announcing your finances is not always a good idea. especially with smaller businesses and those sites that do not have a strong security team.
because saying i have 1,000,000,0000BTC is like an open invitation to all hackers on the internet saying come and enjoy the feast!
you are more proffessional
even the bitcoin in address is safe enough for the tech of bitcoin.
but the place you keep your priv key is not always safe .
i am not saying hackers are going to hack bitcoin private key, that is obviously not possible. i am talking about hackers attacking the site itself and stealing the coins just the same way they have done with bitfinex, cryptsy, btter, and many other incidents.
To be honest, it really doesn't matter whether they prove it or not. Hackers would still be looking to hack them. Cold storage, as I said should be done properly and there would be absolutely no problems. If the Bitcoin cold addresses used multisig and required several trusted people to sign before it can be released, hackers will not be able to get the funds provided that the exchange verifies large withdrawals manually.
What about if the hackers use a lot of computers to get the private key? Is it possible?
No. It is impossible to bruteforce a specific Bitcoin address since there is a large number of addresses. The possibility of you getting an address with balance before the earth explodes is nearly 0.