"not your keys not your coins" is fundamentally true, however that adage can be dangerous and not best practice for many. There seems to be a lack of understanding around the risks users take when taking possession of keys....
The coinbase article you refer, it seems that - despite the terrible customer service - these "hacks" were simply individual users not securing their accounts properly... weak passwords, not using 2fa, their keys stolen by means of keyloggers due to insecure personal devices etc.
Why do I think the adage is dangerous? it lulls people into thinking that software wallets are safer. WRONG. Not only do you have the same issues as above relating to weak security, you increase your risk with chances of physically losing the device without proper backups, losing the server side security and relying on your personal device being secure etc. This is the worst thing holders who aren't well informed regarding security can do - yes the keys are yours but they are easier to lose than keeping coins on the exchange. Also bugs in the software can be exploited. Just look at how many software wallet users post about lost coins in crypto groups.... way more than I see being lost from exchanges.
IF you secure your personal exchange account properly (strong cryptographic password advised) with 2fa and secure your device properly... leaving coins on the exchange may be a better option as you are protected by their firewalls and security protections, if the exchange is hacked then you should be covered by their insurance....
Physical wallets are of course best practice, yet suffer their own flaws - physical theft, lost in fire/flood etc.
