I believe the scheme lets depositors prove that their own coins were included in the liabilities calculation. If some depositors never check, the exchange could steal their funds, but if it was a regular part of using an exchange, it would put a pretty strict limit on how much could be looted before it was noticed.
If an exchange can prove it controls 10 BTC, great. But what if it owes 20 people 1 BTC each?
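The check described in the two comments above, as an added example that is not part of either comment or of any exchange's code: a depositor verifies that their balance is included in a published liabilities total, and that total is then compared with proven reserves. It assumes the scheme is a Merkle sum tree, which the thread does not specify; all function names, user ids, nonces and balances are constructed for illustration.

```python
import hashlib

def leaf(user_id, nonce, sats):
    """Leaf node (hash, balance); the per-user nonce keeps ids private from other customers."""
    return hashlib.sha256(f"leaf|{user_id}|{nonce}|{sats}".encode()).digest(), sats

def parent(left, right):
    """Interior node commits to both child hashes and both child sums."""
    data = b"node|" + b"".join(h + s.to_bytes(8, "big") for h, s in (left, right))
    return hashlib.sha256(data).digest(), left[1] + right[1]

def build(leaves):
    """Return every tree level, leaves first; odd levels are padded with a zero-balance node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append((b"\x00" * 32, 0))
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling path the exchange hands to one depositor: (sibling_node, sibling_is_left)."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], bool(index & 1)))
        index //= 2
    return path

def verify(my_leaf, path, published_root):
    """Depositor-side check: rebuild the root from the depositor's own leaf and the path."""
    node = my_leaf
    for sibling, sibling_is_left in path:
        if sibling[1] < 0:  # a negative sibling sum would cancel out real liabilities
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == published_root

# Constructed sample: 20 depositors owed 1 BTC each, exchange proves control of 10 BTC.
SATS = 100_000_000
LEAVES = [leaf(f"user{i}", f"nonce{i}", SATS) for i in range(20)]
LEVELS = build(LEAVES)
ROOT = LEVELS[-1][0]  # (root hash, total liabilities in satoshis)
RESERVES = 10 * SATS

if __name__ == "__main__":
    print("inclusion ok:", verify(LEAVES[7], prove(LEVELS, 7), ROOT))
    print("liabilities:", ROOT[1] / SATS, "BTC; reserves:", RESERVES / SATS, "BTC")
```

A depositor who never runs `verify` gets no protection from the published root, which is the limit the first comment points out.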