Security wise, advantage of using CLP's (Continuous Liquidity Pools) is that they can only contain real main chain assets - unlike exchanges where there are a lot of buy/sell walls ie. artificiality. Centralised exchanges have also been known to offer low & zero fees for market making which leads to manipulation.
In liquidity pools- If someone tries to game the pools they open themselves up to massive losses because economically incentivised actors will be watching on and balancing the CLP's. There are also small fees for withdrawing which prevents against known attacks so anyone who is trying to game the system will also incur losses in CLP withdraw fees and protocol fees. In the initial design of BEPswap, 11 competing validators will connect to manage statechain assets, as well as the pools in bridges. As long as 67% of the validators are honest and value their RUNE tokens they are staking, the system is safe. Due to incentives, there will always be a higher value of RUNE staked than there is in bridged assets.
THORChain also utilises Threshold Signature Scheme technology which means no single validator can obtain the key to statechain assets since it never exists at any point in time. In other words, with TSS - it means there is no trusted setup and no private key - ever! The 11 parties must always cooperate to process BEPSwap transactoins. It would need 8 of 11 globally separated validators to be breached. Furthermore, the pool addresses are TSS addresses, so there is no private key.