He meets with customers in person to verify their identity and exchange bitcoins. No.

How do you seceure yourself for something like that?

Probably by being careful.

Google's 2FA wasn't hacked, it was bypassed. Essentially, there was a second "door" (the account recovery flow) that wasn't protected by 2FA, and that's what the attacker used.

It doesn't matter. The point of that story is, the weak link is going to be exploited. Bitcoinica is a good example. Zhoutong said at the start he understands application security, and in fact the big attacks didn't result from exploits in his code, but from third-party vulnerabilities.