This question has been asked previously (
https://bitcointalk.org/index.php?topic=170264.0 ) but the answers weren't as good as I was hoping (and as a newbie I can only post here for now).
I understand the principle of unlock-sendtoaddress-lock but this seems unduly risky to me. If a hacker can deploy key-loggers to a server they can also deploy wallet monitors that can scan the wallet.dat files for the private keys and in the brief milliseconds that the wallet is unlocked, the private keys will be read, tested and emptied.
So my questions are:
1. Will there ever be a password parameter to sendtoaddress? If so, any idea when? I see this has been a known issue for at least two years and as far as I can see, nothing has been done.
2. How do online wallet and exchange services protect their wallets (or for that matter, client solutions like armory). I can only assume they don't rely on the unlock-send-lock method.
3. Alternatively - are there methods for receiving and sending bitcoin (and other crypto currencies) that don't use a local bitcoind service? I would feel much safer knowing the private keys were never stored on disk in plain text at any time.
Regards,
Guyon