In the end, most users are super ignorant, don't know what a good client is, don't know what private keys are, etc. If they stick to a reputable exchange, they are less subject to potential coin loss than if they decide to take care of their own storage and use malicious clients, because that's how quite a significant number of users lose all their coins.
It's even quite difficult for people like us to take care of cold storage, because we have to make sure we sign clients before installing them, have yourself or someone else you know audit the code, etc.
Seriously, the only thing you need to trap in users is a fancy-looking client, and people install it just because it looks better than all the trustworthy clients combined. That's how far gone average Joes are, and honestly speaking, crypto as it is isn't noob-friendly; 'using' (more speculating) crypto through exchanges is, because someone else does everything for you.