The only thing riskier than smart contracts would be smart contract insurance products atop smart contracts. I'm sure they only allow for vetted contracts, but the incident discussed in this article was not a contract hack, it was a website hack to change the approve addresses. If that type of thing is going to be covered then it's well beyond smart contract due diligence. That would require evaluating end-to-end op sec practices on an ongoing basis.