The only accounts exposed within the app, are the manager accounts. If they ever get stolen, the hacker cannot also take the assets, only execute the DeFi operations allowed by the portfolio. In that case, the owner can withdraw all the assets from the portfolio securely.