The emergency pause is only meant to be activated in the event of a serious vulnerability being discovered which puts user funds at risk. During the pause, all trading is halted and liquidity can no longer be added to the Vault, but liquidity can always be removed by users, even while the protocol is paused. Pausing does not grant anyone, including the Balancer Governance Multisig or Balancer Labs, direct access to user funds. It simply creates a safe environment in which funds can be withdrawn and any potential attack on the protocol can be mitigated.