That is one reason why I'm actually kinda wild about distributed exchange like etherdelta (as proof of concept, at least). The security model is such that it literally doesn't exist in any country, anywhere in the world; doesn't have servers that can be hacked, etc.
(Admittedly the website is housed somewhere, but it's little more than a GUI shell for signing procedure calls, you could run it locally or interact directly).
I think the big issue hindering that model is that they need something allowing users to pipe into traditional currencies. So far all the solutions to that have been IOU tokens like USDT tethers; which end up generating governance headaches of their own, as their value desyncs from their base currency due to arbitrage & supply issues.
Oh, I definitely think they can. Didn't mean to imply otherwise!
I do think the surface area for attack is much more limited, since the code is innately public (unlike centralized trading houses).
That (in theory) should make them more secure, particularly if considered in terms of the transparency provided. I also think theorem proving, and languages amenable to it, can greatly reduce the surface area even further; reducing it down to a matter of reviewing what assertions the theorem prover was handed, along with trusting the VM's implementation itself. (The later is also helped by having multiple independant implementations).
But I don't think the tech is there yet. The languages currently being used aren't the greatest for theorem proving; no one's actually done much of that in practice anyways; there aren't "best practices" for upgrading your smart contract when a bug is found; and there's ALWAYS an assertion someone forgot to add to the test suite.
But I do think smart contracts could remove "server compromise" and "unauditable code" from the list of main dangers of an exchange, which does seem quite useful in the long term (once the ecosystem fleshes out a bit).
Followup just to clarify: The reason smart contracts drastically mitigate "server compromise" is that compromising / altering the operation of the VM (and not merely exploiting a bug) requires a 51% attack on the entire network. That should generally be a MUCH more expensive undertaking than the value of any given smart contract (under the assumption that the network will be valued at least 2x more than any of it's participating apps).
There's no insurance company that would write a blanked insurance policy for BTC. It is the other side of the "We are BTC! We are special! Rules of finance do not apply to us!" coin.
(Admittedly the website is housed somewhere, but it's little more than a GUI shell for signing procedure calls, you could run it locally or interact directly).
I think the big issue hindering that model is that they need something allowing users to pipe into traditional currencies. So far all the solutions to that have been IOU tokens like USDT tethers; which end up generating governance headaches of their own, as their value desyncs from their base currency due to arbitrage & supply issues.