You can't understand the difference if you think in terms of the exchange. You need to install a non-custodial wallet and start making transactions yourself, without the need of those intermediaries. Once you do, you'll see that every transaction you make is publicly available for anyone to see.

If you send money to a merchant, they now know your address. If you decide to deposit money to the same address again, then the merchant can know you just deposited money. More info can be leaked if we continue this further. For instance, you may decide to spend all of your money, from all of your addresses in one transaction. One can therefore conclude that all these addresses come from the same owner.

Yes, there's a security issue when it comes to ECDSA signatures. One transaction contains several stuff, but what matters in this case is: A public key and a signature. The signature is consisted of two values, one called r and another called s. Mathematically speaking, one can work out your private key if they have two signatures which have been signed using the same private key and have the same r-value.

Also, if the software you're using doesn't create strong signatures, such as ones less than 256 bits, they can solve the hidden number problem and reach to your private key by having your weak signature and your public key. For example, a compromised software may generate insecure nonce values. [1]

Your wallet is supposed to create strong 256-bit signatures with random r-values in each transaction. It's taken for granted that it will. You should always ensure the authenticity of the wallet software you install by verifying the developers' signature.

Yes, what I've written above refers to child private keys. They're also called private keys, plainly. Extended private keys are used to derive them deterministically.

Another security fact is that one can work out all of your child private keys by knowing one of your child private keys and your master public key.

---

[1] https://eprint.iacr.org/2019/023

Let's assume that you have some private key "d" and you sign a transaction with some random value "k". Then, you are creating a relation between "d" and "k", so that anyone can view that and validate your signature. For example, if you create a signature, anyone can know that:
With each and every signature, you reveal some equation like that in the blockchain. If you reuse your address, you create relations, where your "d" is always the same, then only your "k" and those known numbers are changing. So, after collecting some signatures, everyone can know something like that:
If you have many signatures, then it may be possible to calculate some kind of relation between your "d" and any of your "kN", or even between "kM" and "kN". If someone will collect many signatures and if someone will simplify that to "d=number*kN" or "d=number+kN", then your private key will be revealed. If all of those numbers are truly random, then it is safe. But if there is some weakness in the way you generate random numbers, then it can be used against you. By using new addresses each time, you reduce that risk.

I think you should just stop using an exchange for your transactions.

No, if you signed the transactions using Trezor or Ledger, you don't have to worry about this technical detail.

If you swap between those wallets, but without reusing any address, that would be fine.

This is the way to accumulate, but not necessarily to use Bitcoin. Once you make your purchase, send them to your non-custodial wallet. (e.g., Electrum)

Thank you all for helping me understand the above.  It was super insightful!!