This is how I'm thinking of it:
1. When depositing currency A to the exchange, you transfer to a 2-of-3 multisig address. You own two keys, and the exchange owns another key.
2. When placing a trade for currency B, the exchange initiates a transaction to transfer the trade amount of currency A to a 1-of-2 multisig 'personal hot wallet', which you have to sign with one of your keys. You and the exchange each have a key for this 1-of-2 'personal hot wallet'. The exchange can transfer funds to the current owner(s) of currency B, and you can transfer the funds back if you need to cancel the trade.
3. When the trade executes, the exchange sends your new currency B to another 2-of-3 multisig address of that currency, which is the same as currency A's (you own two keys, they own one key.)
4. Whenever you want to 'withdraw' any currency, you can transfer the funds to a different wallet using both your keys. (I put 'withdraw' in quotes, because the money is barely 'deposited'; you own the funds and the exchange cannot steal or transfer them without your consent.)
- Exchange only has control of funds in the order book; you don't have to trust them with 100% of the funds you want to trade with
- Damage done by exchange getting hacked would be minimal; hackers would seek other targets for bigger rewards.
- The centralized service just acts as an escrow facilitator of transactions, and all transactions are voluntarily signed
- Speed of trading is limited by the block-confirm times of the currency
- This cannot work with Fiat or any non-cryptocurrency
- Having to confirm and sign all trade transactions manually could be annoying/tedious.
Some ways to combat these disadvantages are to, of course, use bitshares or bitassets as at least one side of the currency, as we have 10 second block confirms. If there is a fiat on-ramp for their corresponding MPAs, users could use this instead of centralized IOU fiat. Finally, instead of signing/confirming every transaction manually, an opensource exchange client could be built that handles automatically verifying the transactions.
I realize this may have limited utility since we can do a lot of this kind of trading right inside the client we already have, but I'm thinking that cross-crypto trading without IOUs or MPAs of those cryptos would be killer.