ERC20 Approve/Allow mechanism explained

I came across this nice article when I was learning about

I had no idea that I was implicitly giving permission to exchanges to sell all my ERC20 holdings of a token when the more secure pattern was to allow only a subset of tokens for sale at a time to prevent getting wiped out.