Staking with us does not require giving us custody of your holdings. This ensures that, in the unlikely event we are hacked, your holdings are never at risk of being stolen.
We take extreme measures to ensure that malicious actors cannot impact the blocks we validate. All of our signing servers are behind a firewall and only talk to our listening servers. Signing servers are in locked data centers with full-time security, monitoring and access controls. We use hardware signing modules for key management. This means if our servers are hacked or someone gets physical access, they still don't get our keys.
We also use internal controls to guard against abuse. Our offices do not store keys or contain anything of value. All private keys are secured offsite. All remote access by employees uses public-key authentication - no passwords or other phishable credentials are allowed We use multisig technology to provide security against attacks and guard against abuse by insiders.