Withdrawal limits are not good security. I can understand why some sites implement them given how unsure they can be of certain things with traditional web languages. To me it is usually a sign they have liquidity issues, for whatever reasons. Not every liquidity issue an exchange faces is hack based, often mistakes and bugs can make you incur losses (though make you more responsible than a hack perhaps).
One big advantage of the mtmox codebase (including prior versions) is the ability to have the entire state of the exchange in the one "application", so everything can be monitored. Which is why I had some artificial intelligence analyzing the financial state constantly to find any issues and bugs that may exist. All user access goes through an authorized pipeline, there is no way to escape it, unfortunately you cannot design most traditional web languages like this without slowing them down significantly.
I coded the mtmox pipeline specifically for the exchange use case where every single http request is authorized before any analyzing of what it does occurs, which immediately limits its access to the system. And if there is ever a bug the AI will catch it before it becomes able to be utilized by anyone. It is a nice secure system, I never had any issues with it over a long period of time.
However I had issues with the backend financials, the wallets are just not up to the task of the exchange use case which introduces delays where there shouldn't be. And many of the coins themselves are not very secure at all or constantly change. So I will be limiting the exchangeable items to only secure stuff going forward like MicroCash (and perhaps any assets/sidechains of that), or things like Bitcoin and Litecoin which are reasonably secure due to high hashrate. I would love to trade new things like Eth too but I will wait and see how stable it becomes first. The same with the new Nxt, all the things which are moving things forward in some way and are secure.
Getting this back to Polo, I like many aspects of their design and unlike Cryptsy their trading engine seems fairly decent. So it is hard to criticize much of what they do, I just hope they can remain secure with everyones funds. It is better for the whole community if we can develop some practices in these centralized sites that protects peoples funds better. I don't mind sharing my knowledge with others on this if it helps.
Last edited: Feb 29, 2016