You can also enable 2FA for withdrawal If there is the option to do so. I know that Hitbtc have it but even with the email address only, that should be safe. Another method would be to build something using their API and limit the use for trading only.
I don't have yet account at Binance, but on the exchange I've been using, they were asked for the same 2FA as for login, and this would make the 2FA useless for OPs purpose.
And for OP, since the change you'll gave proper 2FA on that account is small, be prepared that somebody (hacker) will find a way to get some of that money of yours.
Also, if the "apprentice" traders can find some coins with very low volumes at Binance, they may even use them to make some "bad trades" with your money, by either buying from themselves some coins way overpriced, either selling to themselves some coins way underpriced. This is an indirect withdrawal and you may fail to prevent it.