Existing accounts on the Steem blockchain that are used for various things such as @null are created with a locked state preventing anyone from ever using it.
In this case, @blocktrades created the @steem.dao account and will be able to manipulate the account in whichever way they deem fit. Even if the keys were nulled out, there would be at least a 30 day period where an account recovery could be executed to change the owner key to another one @blocktrades controls.
How will you make sure we don't just have to take your word on the security of the funds sent to @steem.dao or any account?
The hard fork should lock the state of the account. Presumably they only registered it to prevent someone from registering pre hardfork (when it is not special) and pretending they are official
▀