PoS relies on the possession (“keeping secret”) of private keys. No matter what you do, private keys (information) can be stolen, including in a covert manner (in a way that no one discovers that anything has been stolen). PoW relies on hardware, for which the same problem does not exist.
There's been some work done to work around this issue. One of the approaches is to keep an always offline "fallback" key that can be used to "lock" an account and transfer ownership to a new account in the case that a private key is leaked.