Sending bitcoin securely from web server

[xtpu]

I'm developing a web application that would not only accept, but also send payments to web users.
For now, I'm using the official client (bitcoind), but I suddenly became worried about this issue:

The wallet is encrypted. So to send a payment, I need to run walletpassphrase. However, as far as I understand from the documentation, when I unlock the wallet, it becomes unlocked not just for one connection or one transaction, but for all connections / transactions. This means that if I do "walletpassphrase", "send", "walletlock", there is a small window of time when the wallet is unlocked. If someone then has access to the machine, they might be able to send a malicious transaction in that window of time without knowing the passphrase.

It would make much more sense if I provided the wallet password per-transaction. I.e. "send <wallet password> <normal send parameters>". Then, the malicious user would have to have the wallet password in order to perform the attack.

Is something like this possible with the official client? If not, can anybody recommend a client for this purpose? Or would I have to modify the source code?
Has anybody come up with solutions for this that don't involve using an external service? I see that quite a few people run gambling services with bitcoin... maybe one of them could chime in to tell us how they do it?

[torusJKL]

I don't have a tutorial for you but I think the following would be a secure way to do it.

Use Armory or maybe Electrum instead of the reference bitcoind.
Those programs let you create transactions on the web server but then you will need to sign the transaction with another instance of that program.
That instance you would need to have on a different very secure server.

This way even if your web server would be hacked the only thing the hacker could do was see your transactions an create read only addresses.