Anyone can create their own steemit and interface it to the same blockchain.
The data will be the same, the presentation different.
Here's a thought: A lightweight "Steemit management app" where users manage transfers, keys, et cetera.
And the normal steemit.com website, which under this model, NEVER gets to see the active or owner keys.
Therefore, at most, an attacker would be able to post with your name... and you can then easily revoke this access from the standalone app.
As long as the whole site runs in the browser, remember this: there is no magic bullet; if there is a server-side hack or client-side exploitation, all bets are off.
The problem essentially is that steemit.com is sending you the computer code that your machine will run to manage your funds.
Disrupt that process, take ownership of the wallet. As we've seen.
It's not safe, and it can never be with this model.