Any coins to which you don't have the private key are not yours, they are a ledger entry, so don't store coins anywhere except your wallet (cold storage is best), unless you absolutely have to.
Does Coinbase fall in this category? I create the address using Coinbase, where is my private key??
Curious about this same question as to does Coinbase fall under this?
Coinbase and many other sites are reputable, but no one is perfect. SR 2 (unless they are crooks) made a dumb error and lost a lot of coins. Ditto Gox. Ditto others. Ditto some of the pools. Has coinbase been hacked? Not yet that we know of. Have people lost coins at coinbase? People say yes, probably through Trojans, key loggers, and the like.
The best practice is to use cold storage for coins you don't intend to use soon, where you have the private key(s) created using the bitcoin wiki process.
Think about it like this: you send your coins to me, and I'm holding them for you. You have to trust me, trust everyone who works with me, trust everyone who has access to our network (even the NSA can screw up there) and everyone who has access to the private keys. You also have to trust each of those people to not accidentally screw up by getting malware or just making a mistake in coding. Hopefully most of coinbase's coins are offline in cold storage, but you are trusting them. They are well funded, so probably are okay, but it is pretty easy to move your coins out of there if you intend to keep them for a long while, so even if the chance of them having a problem is low, why not protect yourself?
