Since getting your taxes wrong can land you in prison, you really need to ask someone qualified to answer this definitively. You should ask accountants certified in the jurisdictions in question, not an internet forum.
To prevent a website hack from emptying the "front line" wallet, it may be best to write a very simple API that runs on the bitcoind machine, sanity checks any spending requests from the web site machine, and if valid invokes bitcoind locally.
I've been contemplating the same, and have come up with the following ideas:
1. Run bitcoind on a separate machine to your website. Have the website connect to the bitcoind machine via the JSON API as a client. Keep the bitcoind machine as locked down as possible. Keep its existence private. Run as little software on it as possible to reduce the risk of security holes - basically just bitcoind, sshd (so you can log in), and whatever monitoring software (zabbix, nagios, etc) you run. Keep its software up to date.
2. Keep only the minimum balance needed to fulfil short-term spending (say in the next day or two) on the bitcoind machine. Send the rest to another bitcoin account elsewhere (call it the "archive").
3. Do any large spending (over X bitcoins) manually as a batch job once a day, perhaps on the "archive" bitcoin machine. This allows you to keep the balance on the "front-line" bitcoind machine lower.
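Putting the two posts above together (a separate bitcoind host, a tiny sanity-checking API in front of it, a per-request cap, a small daily float), here is an added Python sketch of such a spend gate. It is not code from the thread; the request shape, the limits and the `send_fn` hook that would call the local bitcoind are assumptions.

```python
"""Spend gate meant to run on the bitcoind host. The web server may only submit
{"address": ..., "amount": ...}; everything is checked here before the wallet is
touched. Added example, not from the thread; limits and hook names are assumed."""
import json
import re
from datetime import date

# Constructed policy: cap per request ("X bitcoins" in the thread) and per day.
MAX_PER_REQUEST = 0.5   # BTC
MAX_PER_DAY = 2.0       # BTC
# Loose shape check for a legacy Base58 address only; not a checksum validation.
ADDRESS_RE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")


class SpendGate:
    def __init__(self, send_fn, today=date.today):
        self.send_fn = send_fn   # hypothetical hook: (address, amount) -> txid via bitcoind
        self.today = today       # returns a day key; injectable for testing
        self._day = None
        self._spent = 0.0

    def _reset_if_new_day(self):
        d = self.today()
        if d != self._day:
            self._day, self._spent = d, 0.0

    def check(self, raw):
        """Return (ok, reason); never raises on malformed input from the web host."""
        try:
            req = json.loads(raw)
        except (TypeError, ValueError):
            return False, "malformed json"
        if not isinstance(req, dict) or set(req) != {"address", "amount"}:
            return False, "unexpected fields"
        addr, amt = req["address"], req["amount"]
        if not isinstance(addr, str) or not ADDRESS_RE.match(addr):
            return False, "bad address"
        if isinstance(amt, bool) or not isinstance(amt, (int, float)):
            return False, "amount not numeric"
        if not 0 < amt <= MAX_PER_REQUEST:
            return False, "amount outside per-request limit"
        self._reset_if_new_day()
        if self._spent + amt > MAX_PER_DAY:
            return False, "daily budget exceeded"
        return True, "ok"

    def handle(self, raw):
        """Validate, then (and only then) hand the spend to bitcoind."""
        ok, reason = self.check(raw)
        if not ok:
            return {"ok": False, "reason": reason}
        req = json.loads(raw)
        txid = self.send_fn(req["address"], req["amount"])
        self._spent += req["amount"]
        return {"ok": True, "txid": txid}
```

Anything over the cap is rejected here and left for the manual daily batch from the "archive" machine, so a compromised web host can drain at most the daily budget.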
Hello! I'd like to request being whitelisted if possible. I'm a business investor and developer who is interested in discussing potential business models.