We employ a 3rd party security company to scan our networks and application periodically for any security issues.
Most of the coins are stored in offline wallets, so if the site is hacked, users will not lose their coins.
We use multiple layers of network and application firewalls. All requests are filtered multiple times to prevent various forms of attacks.
All passwords are hashed before stored in the database.
Our network is protected against DDOS attacks, any attempt is automatically blocked.