I guess I should mention that the hosted wallet isn't the core of the business - and I am not opposed to investing in talented security professionals to help secure the service in the future.
I know there are
A LOT MORE than the initial list.
I wanted to start this thread as an open forum for developing a longer, more complete list of security precautions based on contributions.
As far as open source, that would be great if there was a set of known security protocols that everyone agreed were minimum MUST HAVEs to even be considered secure.
It takes a lot more to secure a hosted wallet than what you suggest here. Is this intended to be an open source project, kinda like blockchain, only open?
If so, that's a good idea.
If you want to do this as a business, you will need a lot more experienced security people to help you or this will quickly become a capture-the-flag platform for hackers.