by foota 3190 days ago
Don't you also have to trust that the person running EtherDelta hasn't modified what's running on the site...?

If you use EtherDelta through MetaMask or Mist, then EtherDelta doesn't have direct access to your private keys, and you're given a prompt outside of EtherDelta's control to confirm any action you take, so you're much less vulnerable to malicious behavior from the EtherDelta admin.
Aw, so there's some local client you run that you use to do the cryptographic bits, and the web client is just used to display results and let you navigate things?
Optionally yes, but EtherDelta specifically does let you instead use it in a normal browser if you give it an Ethereum private key. The hack only affected people who used it that way.
The EtherDelta owner can change the JS code, then send your funds to a fake contract :)
The contract address is shown in the Mist/MetaMask prompt. Checking that when you first deposit would be sufficient. (Sure, it's probably true that many users would fail to check that, but I think it counts for something that there is an obvious way that anyone could verify what they were committing their funds to.)