Yep - sorry we should really add a page on that. We're storing wallets in the cloud so this is an important concern. Private keys are encrypted in the database. bcrypted passwords. We also offer two factor authentication for your logins:
http://blog.coinbase.com/post/25677574019/coinbase-now-offer...
We'll start keeping a majority of funds in cold storage as deposits grow (we're still in beta at the moment). I worked on fraud prevention at Airbnb previously and we had lots of money flowing through the site and stored with us, so I'm familiar with best practices around this. I also have a healthy respect for what can go wrong, and I think as we grow we'll go through regular security audits (and much more scrutiny as we pursue licensing as a money transmitter). You certainly shouldn't trust us on face value though, it's something we'll have to earn over many years.
We'll start keeping a majority of funds in cold storage as deposits grow (we're still in beta at the moment). I worked on fraud prevention at Airbnb previously and we had lots of money flowing through the site and stored with us, so I'm familiar with best practices around this. I also have a healthy respect for what can go wrong, and I think as we grow we'll go through regular security audits (and much more scrutiny as we pursue licensing as a money transmitter). You certainly shouldn't trust us on face value though, it's something we'll have to earn over many years.