Never store bitcoin in addresses whose public keys are used for multisig address generation on markets.
The reason for this is that if a market allows you to give them the private key to that wallet so they can sign with your key and the market's key and broadcast for you, you have to trust that the market isn't storing private keys, either maliciously or accidentally, thus compromising the bitcoin address and any coin that ever sits in it. Not to mention that any party involved in the transaction can monitor that address and follow and trace coin by using the public key.
Cycle public keys from time to time.
In case a market or sites like coinb.in are maliciously storing private keys, no one but you remains in control of your transactions and addresses.
Keep Redeem Scripts in a safe place.
The beauty of 2-of-3 multisig markets is that the vendor and buyer can complete a transaction together without needing the market up and running 24/7.
Both parties should keep a copy of the redeem script so the party receiving the funds from the multisig address can create a transaction to a desired wallet, sign it, and pass it to the other to sign and broadcast. You wouldn't trust the other person to put the address you want your money to go into in the transaction for you, right?
Always verify Multisig addresses with the Redeem Script BEFORE placing coins into it.
This is to prevent sending coin to an address 1 person has complete control over. Coinb.in will tell you what public keys were used and what the multisig address generated from them is. For extra security, ask the vendor to validate his public key. The easiest way is to message the vendor and ask "Is one of your Public keys in your pool XXXXXXX?"
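The redeem-script check described in the post can also be done offline; the following is an added example, not part of the original post and not coinb.in's code. It parses a standard `OP_m <keys> OP_n OP_CHECKMULTISIG` script and reports a wrong threshold, a repeated key, or keys that differ from the ones each party confirmed. The function names and sample keys are assumptions constructed for illustration, and the block does not derive the address itself.

```python
# Added example: offline sanity check of a 2-of-3 multisig redeem script.
OP_1, OP_16, OP_CHECKMULTISIG = 0x51, 0x60, 0xAE

def parse_multisig(script_hex):
    """Return (m, pubkeys) for OP_m <key>... OP_n OP_CHECKMULTISIG."""
    s = bytes.fromhex(script_hex)
    if len(s) < 3 or s[-1] != OP_CHECKMULTISIG:
        raise ValueError("script does not end in OP_CHECKMULTISIG")
    if not (OP_1 <= s[0] <= OP_16 and OP_1 <= s[-2] <= OP_16):
        raise ValueError("missing OP_m / OP_n small-integer opcodes")
    m, n = s[0] - 0x50, s[-2] - 0x50
    keys, i, end = [], 1, len(s) - 2
    while i < end:
        size = s[i]  # direct push: the opcode byte is the data length
        if size not in (33, 65) or i + 1 + size > end:
            raise ValueError("unexpected push at offset %d" % i)
        key = s[i + 1:i + 1 + size]
        # compressed keys start with 02/03, uncompressed keys with 04
        if not (key[0] in (2, 3) if size == 33 else key[0] == 4):
            raise ValueError("push at offset %d is not a public key" % i)
        keys.append(key.hex())
        i += 1 + size
    if len(keys) != n or m > n:
        raise ValueError("key count does not match OP_n, or m > n")
    return m, keys

def check_redeem_script(script_hex, expected_keys, m_required=2):
    """Return a list of problems; an empty list means the script is as agreed."""
    try:
        m, keys = parse_multisig(script_hex)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if m != m_required:
        problems.append("threshold is %d, expected %d" % (m, m_required))
    if len(set(keys)) != len(keys):
        problems.append("a public key is repeated: one party holds two keys")
    if set(keys) != {k.lower() for k in expected_keys}:
        problems.append("keys in script differ from the keys each party confirmed")
    return problems

# Constructed sample keys (placeholder bytes, not real keys of any party).
BUYER, VENDOR, MARKET = "02" + "11" * 32, "03" + "22" * 32, "02" + "33" * 32

def build(m, keys):  # demo helper: assemble a sample redeem script as hex
    pushes = "".join("21" + k for k in keys)
    return "%02x" % (0x50 + m) + pushes + "%02x" % (0x50 + len(keys)) + "ae"

GOOD = build(2, [BUYER, VENDOR, MARKET])
ONE_OF_THREE = build(1, [BUYER, VENDOR, MARKET])
VENDOR_TWICE = build(2, [BUYER, VENDOR, VENDOR])

if __name__ == "__main__":
    for name, script in [("good", GOOD), ("1-of-3", ONE_OF_THREE), ("vendor twice", VENDOR_TWICE)]:
        print(name, check_redeem_script(script, [BUYER, VENDOR, MARKET]))
```

An empty result only says the script contains the agreed keys and threshold; the address you pay must still be the one derived from this exact script.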
"allows"? I'd never give a market my private key! If they tried to enforce it I'd find a new market pronto.