This article is a constructive criticism for Kraken exchange, which has the most annoying security feature for traders (and those using its API): maximum number of withdrawal addresses.
Although Kraken is very concerned about security (and it's indeed a good practice), when the security policy is so strict to limit what traders can do, the same traders the exchange wants to attract could decide to use another exchange, reducing the volume of the exchange, which is against the interest of the exchange.
So here're 3 reasons why Kraken should allow traders to withdrawal their coins to an unlimited number of addresses (or at least give the user an option and not impose this restriction on every user).
Maximum of 50 withdrawal addresses? Really?
Well, Kraken allows trading for Bitcoin, Ripple, Lumen, Litecoin, Dogecoin, Ether etc and we're supposed to use the API and withdraw to only 50 addresses between all coins? Take for example Ether which is traded on at least 25 exchanges, which will need 25 addresses, half of the limit. If you trade Dogecoin, Litecoin etc, there's no way 50 addresses will be enough.
API users who trade over several exchanges, can't depend on the user interface to insert one address by one manually...
The majority of exchanges allow withdrawals to any address the user wants. And in the case of the API, this is the correct behaviour, since if some withdrawal address changes, it will be automatically used. In the case of Kraken API, it's impossible to do this.
For those concerned with privacy on Bitcoin transactions, it's recommended to always use a new address. In the current scenario, nobody using the API will be manually changing the withdrawal address on every withdrawal by hand...
Security alert from Kraken
On August 16, 2016 Kraken sent an e-mail warning users that this policy will be restricted even more: "As an added layer of account protection all newly created withdrawal address will require email confirmation for the first few withdrawals". Well, this completely broke the API, since nobody uses the API for doing trades by hand. If the user has to confirm the withdrawal by e-mail, then what's the reason to use Kraken API?
If I took the time to write this is because I think Kraken matters and the overall experience can be improved. Although Kraken's support answers all questions and feature requests, it seems they aren't willing to change this policy, so I decided to write this critic on a public medium. If more users agree with me, maybe Kraken changes this policy and allows a more flexible interaction with clients.