The setup was not designed with security in mind, but rather with regulatory arbitrage in mind: at the time bitfinex was fighting with the US Gov about their lack of financial compliance and this was an attempt to say "we do not hold customer funds so we do not have to comply."
Discussion
The result was an insecure setup where bitgo blindly signed any bitfinex customer withdrawal request without additional authorization, by design.
An extremely insecure setup that could have been easily compromised through effective social engineering. 