Now, if you do trust that exchange, why not keep your balances in a 2-of-2 multisig where you hold one of the keys and the other key is held by the exchange?
Impossible. You could trade within the exchange, make a huge loss and then refuse to release the key to the exchange at withdrawal time, locking up the balance and preventing the exchange from moving the funds out to the winner(s) of all your losing trades.
My example was regarding paying merchants for goods and services, but it still could work in certain cases with centralized exchanges too. Whatever "payment" you make, whether it is in exchange for goods/services or the money allocated for a bid/ask order, you would need to create and sign the transaction and send it to the exchange. The exchange could sign that transaction and broadcast it, but they don't until they verify the payment should become irreversible. If they decide to reverse, they can simply throw away that transaction and create a new signed one (which they give to the payer to sign and broadcast) that moves the funds to a new balance so that the payer has assurance that the old transaction cannot be used. In the case where the bid/ask order is actually matched, at some point the exchange needs to settle with the parties involved with an irreversible transaction. Prior to that point though, the exchange could roll things back.
But anyway, I am not concerned with the case of trading on centralized exchanges because I think the future is trading on decentralized exchanges like the ones on BitShares. And I think multisig protection (2-of-3 for example where you have one in the hot client, one in cold storage, and the third by a trusted business) is good enough to prevent your funds from being stolen or traded against your will due to hacking attacks.
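Added example, not part of the thread or any poster's code: a toy Python model of the 2-of-2 balance discussed above, showing both the reversal flow (a co-signed move to a new balance invalidates the held payment) and the lock-up objection (one signature alone cannot move funds). The `Tx` and `Ledger` classes, the output names and the use of key labels in place of real signatures are all assumptions made for illustration.

```python
# Toy model only: "signatures" are key labels, not real cryptography.
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    spends: str                  # id of the output being spent
    pays_to: str                 # id of the output being created
    pays_keys: tuple             # keys that must ALL sign to spend the new output
    sigs: frozenset = frozenset()

    def sign(self, key):
        return Tx(self.spends, self.pays_to, self.pays_keys, self.sigs | {key})

class Ledger:
    def __init__(self):
        self.utxos = {}          # output id -> set of required signer keys

    def fund(self, out_id, keys):
        self.utxos[out_id] = frozenset(keys)

    def broadcast(self, tx):
        required = self.utxos.get(tx.spends)
        if required is None:
            return "rejected: output already spent"
        if not required <= tx.sigs:
            return "rejected: missing signature"
        del self.utxos[tx.spends]
        self.utxos[tx.pays_to] = frozenset(tx.pays_keys)
        return "accepted"

def new_ledger():
    ledger = Ledger()
    ledger.fund("balance-1", ("payer", "exchange"))   # the 2-of-2 balance
    return ledger

def reversal_scenario():
    ledger = new_ledger()
    # Payer signs the payment and hands it over; the exchange holds it unbroadcast.
    held = Tx("balance-1", "merchant", ("merchant",)).sign("payer")
    # Reversal: exchange signs a move to a fresh 2-of-2 balance, payer co-signs and broadcasts.
    refund = Tx("balance-1", "balance-2", ("payer", "exchange")).sign("exchange")
    first = ledger.broadcast(refund.sign("payer"))
    # The held payment now spends a consumed output, so completing it is useless.
    second = ledger.broadcast(held.sign("exchange"))
    return first, second

def lockup_scenario():
    ledger = new_ledger()
    # Payer withholds their key: the exchange's signature alone cannot move the funds.
    payout = Tx("balance-1", "winner", ("winner",)).sign("exchange")
    return ledger.broadcast(payout), "balance-1" in ledger.utxos
```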