Vanilla EOS would be totally unprotected. The way to protect funds in crypto, in general, is to follower certain procedures.
That said, specific systems on EOS can build protections similar to the Steem "power up" protection available on the steem blockchain. If an EOS contract is launched, the contract holders can program that contract in such a way to protect people from immediate asset theft.
Also, each team that launches an EOS contract, has the options available to them to build in safeguards to protect against bugs. Let's say their contract has a bug like the DAO did, built into EOS is the ability for them to manage their contract in such a way to give them options... for example, they could give themselves the transparent right to freeze all funds in the system, preventing withdrawals. There is a lot of safeguards possible.
If their contract-level protection fails, it reverts to the EOS constitution for resolution which may has a standard set of guidelines all participants agree to.