If you are worried that a hacker could somehow steal the IOU tokens, then you could secure them through multisig on Bitshares 2.0. I don't see how an attacker would be able to hack a multisig account in control of the IOU tokens. So the chance of that happening isn't very high, as everyone involved would have to be hacked at the same time.
So even if the exchange controlled the IOU tokens, they could control them through Bitshares 2.0, in a decentralized manner using multisig. The only vulnerability I can see would be at the gateway itself, which would basically accept bitBTC for BTC. A smart contract could be programmed to automatically accept bitBTC for BTC at the gateway and treat it just like a purchase of BTC.
Ripple could be used, or Ethereum, and I would only see this as necessary when people want to withdraw to actual BTC, when they want to take their BTC off the exchange. So while their BTC is on the exchange they would be safe because it would be bitBTC on Bitshares 2.0, and the risk would happen upon withdrawal, but you can minimize it with smart contracts and a trusted entity, such as a financial institution or bank, as the gateway.
So the exchange could guarantee that it can't lose your money, but the gateway could not guarantee that. The gateway would have to be regulated, but the gateway could be Coinbase or Ripple. If you want to really get fancy, you could probably even sell directly to random people who want to trade BTC for bitBTC using a smart contract, and then give the BTC over to people who want to buy BTC, but that seems unnecessarily complicated; it seems to be how Counterparty does it.