I feel like you missed the point, entirely. I hope and expect any service to do the best to protect itself and their users, by all means try to achieve that when making your new super-service-x.
Then the trust issue kicks in, you can't even know for sure whether a supposedly cold storage is actually cold storage. The moment a service starts using cloudflare providing ssl is close to pointless. You have no clue whatsoever about the code quality in the server, as well how well administered it is. If you ask the question "how safe is(are) your server(s)?" it is very likely that the least knowledgeable person will anwswer "it is the most secure thing ever!" and then sites like coindesk will happily reproduce such answer.
Then the trust issue kicks in, you can't even know for sure whether a supposedly cold storage is actually cold storage. The moment a service starts using cloudflare providing ssl is close to pointless. You have no clue whatsoever about the code quality in the server, as well how well administered it is. If you ask the question "how safe is(are) your server(s)?" it is very likely that the least knowledgeable person will anwswer "it is the most secure thing ever!" and then sites like coindesk will happily reproduce such answer.
Sure, but this doesn't affect the importance and sanity of asking about security (or identity, or proof of competence, etc). Those who are actually qualified to be running a service will answer such questions just fine, and those who aren't, including coindesk and its ilk, will continue to be irrelevant.
