I don't think you should handwave this. Companies have hot bitcoins because they need them to cover transaction volume. Their "hot" liability scales with their business. When you're six months old, a 50k loss (more accurately: the requirement to redeem BTC that start with a market value of 50k) kills your company (or the rational incentive to continue pursuing your company). When you're a year old, 100k does the trick.
This isn't a problem bitcoin companies outgrow; it's a problem that festers as the company gets more successful. Do you go out like Flexcoin did, or like MtGox? Either way: you eventually do get taken out.
I didn't mean that to come off as hand-waving. I think this is a very serious issue that is going to require a complete rethinking of security practices. Perhaps it won't ever be solved satisfactorily, but I wouldn't rule out ingenuity of developers to at least reduce the risk to manageable levels.
Well I think the problem is that if we take the assumption of "being owned" at face value (and that seems justified by the evidence) then "reducing risk to management levels" doesn't stop these disastrous events from happening. It only makes it more disastrous once the black swan finally lands in your pond.
It seems that the only way for this line of business to be feasible in the long term is for the hot wallet :: total assets ratio to be as low as possible. Your income to build assets is proportional to transaction volume, but so is the required size of the hot wallet.
Maybe a massive up-front investment to allow for start-up assets to be suitably large in comparison to hot wallet size... but even then you'd need to be careful not to grow too quickly and to ensure that you proportionally build up your reserves for when your hot wallet gets wiped out.
But this means that you have those stored assets that you can't invest elsewhere, so are you even making a profit now? The only way to reduce assets needed is probably some kind of insurance arrangement, but why should the insurance company offer low fees for this with the risk profile we currently see?
The loss rate is extremely high; I don't think people would be willing to pay an extra 20% spread on their exchange to cover it.
Much higher levels of isolation (such as running the transaction engine in some kind of HSM) would help, but I suspect that anyone smart enough and cautious enough to do it properly is too smart and cautious to go anywhere near the prospect of running a bitcoin exchange.
This isn't a problem bitcoin companies outgrow; it's a problem that festers as the company gets more successful. Do you go out like Flexcoin did, or like MtGox? Either way: you eventually do get taken out.