Financial services generally aren't in the business of security. They're in the business of risk management. Once you understand that distinction, much of what they do makes sense.

Unfortunately, some unhappy conclusions for the customers of these services do logically follow, starting with the fact that if you're not a huge customer, the financial services have little natural incentive to care about the safety of any assets/investments they handle for you. If something very bad happens, you might be an acceptable loss relative to the cost of mitigation, right up to the point of fighting you in court and then losing anyway. You personally might suffer greatly for any losses, and even if it's ultimately put right you might suffer months or years being dragged through the system, but no employee at any financial service is personally going to lose any sleep over your case.

This is why it is necessary to have regulators with teeth in financial industries. Any lapse that could cause significant harm to a customer should also potentially cause significant harm to the financial service. An ongoing pattern of such lapses should cause severe damage to the service's bottom line and eventually it should become an existential threat to the financial service itself, preferably with safeguards to ensure that the management and/or shareholders can't just escape using the technicalities of incorporation. Without this sort of counter-balance, the numbers will always be in favour of trampling on the little guy, and if there's one industry that runs on the numbers more than anything else, it's financial services.