It's not about whether it's going to fly. It's certifiably insane to trust your coins to any third party unless you either have multisig control to prevent those coins from leaving, or they have insurance to replace your coins. Do not ever trust anyone, or you'll lose your money like I did. They won't replace it unless they're legally obligated to replace it (insurance) or they're technically incapable of losing it (multisig).
Anything else is magical thinking at its most dangerous, since it can ruin lives.
This is a religious view speaking. More bitcoin has probably been lost due to people thinking they should handle it themselves, and doing it wrong, than has been lost to all the big hacks including Mt. Gox. A survey from a while ago reflects this likeliness: http://www.reddit.com/r/Bitcoin/comments/2bjefu/results_of_a...
I didn't say everyone should manage their own bitcoin. I said people should manage it themselves if they have the technical ability to do so. For everyone else, stick with banks. If you're borderline unsure whether you can store your coins in an encrypted wallet and make regular backups and not lose those backups, then keep your money in an FDIC-insured bank.
But sticking your coins into a webwallet like Coinbase without multisig control is a recipe for unmitigated personal disaster. A mental exercise is useful: "I've lost all my money." How would that affect your life?
I strongly disagree with anyone who would push the view that it's okay to sweep the issues under the rug in the name of making Bitcoin more popular. Putting people's fortunes at risk is almost equivalent to putting their lives at risk, because your quality of life is directly proportional to your fortune.
If Bitcoin sounds risky, that's because it is. No amount of regulated exchanges will change that. What will change it is giving consumers multisig control over their coins, or insuring against a total loss of all coins including cold storage.
There's literally no other option. One of those two things must happen, or you must not use the services. Or if you do use them, don't put in more than a quarter of what you're comfortable with losing. If that's $100, then never deposit more than $25 in BTC.
Remember, Bitstamp just lost $5 million USD to hackers, or half their most recent investment round. It's unknown whether they're currently insolvent. Everyone thinks they might have enough money to cover the losses, but nobody knows for sure. They could currently be a fractional reserve.
So Mt. Gox wasn't a one-off. Nobody is safe from hackers, technical issues, or even rogue employees that want to become millionaires. Due to the untraceable nature of Bitcoin, all exchanges and webwallets are extremely attractive targets.
The problem is that people who think they have the technical ability to do it right is astronomically higher than reality, not because people overestimate themselves, but because they underestimate the difficulty of "rolling your own bitcoin storage." I mean, you can make these arguments, but the history proves that so far centralized storage has been safer than self storage, on average.
Further, Coinbase does give users access to their private keys with the multisig vault, so one of your two criteria has already been met.
Are most Coinbase users using multisig? Since it's not the default, I'm pretty sure the answer is no. So unless multisig is the default at their new exchange, all of those people are at risk. Few are helped by multisig if few people use it.
Since Coinbase has a large cold storage reserve, and since multisig-protected coins can't be put into cold storage, the answer is pretty clear: Coinbase protects few people.
It's a false dichotomy that coins must be stored in a personal wallet that users mess up, or a webwallet that exchanges mess up. There's a third option: Convert those coins back into USD and stick it in a bank. As long as you're storing less than $500,000, you're guaranteed to have it.
Anything else is pure greed. As someone who has been burned by greed, my misfortune stands as a warning to others: please don't make my mistakes.
The reason I lost coins is because I was tempted by Mt. Gox. Their 2FA auth made it seem very unlikely that my coins could go anywhere, just like Coinbase. If I'd researched Mt. Gox, I would have discovered a history of technical problems. Yet if you research Coinbase right now, you'll discover they've had a history of those too. There have been at least two or three high-profile Coinbase incidents over the years which were featured on HN. And if you research Bitstamp, you'll see they just lost $5 million.
The common denominator is that exchanges and webwallets aren't trustworthy.
Anything else is magical thinking at its most dangerous, since it can ruin lives.