"That [BitGo insurance] only covers incidents caused by BitGo. If Bitfinex's keys were breached and the hacker was signing with them, BitGo was signing legitimate transactions as far as their agreements are concerned."

So then what would their insurance cover? Their customer was responsible for setting up a two signature requirement, Bitgo only held one key, and only a transaction with two signatures could cause any loss. If their insurance didn't cover transactions that Bitgo erroneously signed that causes losses, what could it possibly cover?

Remember, multi-sig requires two signatures. If Bitfinex is signing a signature, there's no reason for BitGo not to as well.

Then what possible purpose does Bitgo serve? Why not just use a single signature?