Being exposed to smart contract security vulnerabilities is completely normal: you already get that risk when interacting on the L1 anyway.
L2s that have completed their features are designed so that, even if they go offline or censor your transactions, you can still get your funds out of the L2 yourself.
The biggest vulnerability of L2s, right now, is upgradability, specifically because they still are implementing lots of new features. And many L2s haven’t yet fully implemented their forced manual withdrawal, but it’s precisely what some of them are working on.
Another problem of L2s is operators can censor your transactions, but that is always a problem, even and most of all in centralized “reputable old and secure exchanges”. Only decentralized ones are ok in that regard.
