As the people here have said... the hard core coiners keep their funds on a cold machine, and only put them on the hot machine after they are signed. If you have your 401k in BTC that is the only way to fly. Now the further you get away from that hyper-paranoid config, the higher the risk of getting your coins stolen by someone who finds a kink in your security. What you propose... a remotely accessible hot wallet is about as far away from cold storage as you can get... but for the sake of having said... here's how to do it.
I don't think you even understood the requirement and hence gave a long lecture on cold storage. In a website, where funds are coming in and going out every minute, how do you get things done only through cold storage? You have to use either JSON-RPC with the Bitcoin daemon (which I asked) or use an API to do real-time operations. A significant part can be kept in cold storage, but avoiding a hot wallet is impossible. And the solution you have given after that is good for an HTTPS researcher, not for a bitcoin based app developer.
This list is by no means complete... it is just what I thought up over my sandwich at lunch..
You should have concentrated on the sandwich rather than trying to mess up a tech problem. Just a word of advice. If you don't know a certain subject, better not try to give a lecture about it. It only makes you look ridiculous.