What it comes down to is that only the program itself "knows" the bitcoin private keys and the code inside the cointainer. They would never be revealed to the host. I don't mean security by obscurity like spaghetti code, what I mean is that no amount of reverse engineering would reveal the contents of the container.
This is impossible. The CPU needs to know the encryption key to decrypt the container; there's no way around this.
It's not impossible, but I think that it might require a duel processor system wherein two or more processes know part of the secret and process a running stream. This is akin to how the Japanese would encode/decode messages during WWII by using a team of enslaved chinese businessmen who would all use their abacusi to perform a small calculation on a series of numbers and produce a new set of numbers, this new set of numbers would be collected and passed to another team of said chinese businessmen that would perform another set of standard calculations, and so on. Until the last set of calculations were performed by a team of Japanese women working for the military that would produce the final decrypted messages. I don't know if one can get around the final process/processor having open access to the secret, however.