You have to be careful, but people have gotten a lot better at being careful. The contract used by QuadrigaCX was written last summer, and violated a well-known best practice, which is no longer necessary due to an improvement in Solidity. Human error is always a problem, but these days it's common to hire at least one security auditor for any contract that handles nontrivial amounts of money. (I'm a full-time Solidity dev/auditor.)
It's still a little scary, but I'd say it's less scary than safety-critical embedded code.