since cold lock is not available till the next version, let me share half of my secret recipe for "safe enough minting", it goes like this:
make a script named mint
#!/bin/bash
stty -echo
read -p "rpc: " rpcpass; echo
read -p "wal: " walpass; echo
./ppcoind -rpcpassword=$rpcpass walletpassphrase $walpass 99999999 true
stty echo
and a script named query
#!/bin/bash
stty -echo
read -p "rpc: " rpcpass; echo
./ppcoind -rpcpassword=$rpcpass $1 $2 $3 $4 $5 $6 $7 $8 $9
stty echo
- put rpcuser/rpcpassword in ppcoin.conf
- run ppcoind as daemon
- remove rpcpassword line from ppcoin.conf
- run the mint script to unlock wallet
- run the query script to control your ppcoind, for example "query getinfo", you'll have to enter the rpc password every time
The idea is the intruder has to be a bit smart in order to steal your coin, after he gets he can take the encrypted wallet, but he cannot command the unlock wallet to send coins to his, since rpcpassword is not left anywhere, he has to plant trojans/keyloggers/or put some effort into it in order to take it,
although if you just do this, and never come back to query it, it should be reasonably safe, or to make query a bit safer, you could try to use SSL option on rpc, listen rpc on localhost, and make a ssh tunnel to it, then query it from the tunnel, intruder will have a harder time I guess,
that is all