the hoster of the vps has physical access to the machine and can read your keys.
There are also possible side channel attacks from other VM's on the same host.
see here:
https://www.cs.unc.edu/~reiter/papers/2012/CCS.pdfNot sure how much bitcoin you need to make this a worthwhile attack. On the other hand I dont see a need for a server wallet anyway. Whats the benefit here?
The benefit is that you can access your bitcoin wallet from anywhere.
Blockchain.info is designed so that the private keys are stored in the client's browser and never make it to the server. Some people think this is more secure because blockchain.info never sees the private key, but now the private keys live in your browser's localStorage. Its just as likely to get hacked there is it is to get hacked on blockchain.info