I'm not concerned about wallet's internal security in this case. I'm concerned about how to secure the wallet access on my web server.
DO use dedicated servers (rented or collocation) in a secure reliable datacenter.
DO a clean install of operating system on all servers using IPMI or IKVM to ensure there are no datacenter backdoor.
DO use
Principle of Least Priviledge in all your design decisions.
DO use strong credentials for server access (long random passphrases are good, but public key cryptography is better).
DO strengthen authentication by limiting authorization to IP addresses.
DO take advantage of multiple Ethernet ports to create a dedicated secure internal LAN.
DO require a VPN connection to VPN endpoint (hardware firewall or dedicated server) for remote access to the secure internal LAN.
DO isolate the hot wallet to single purpose server which is connected only to the secure internal LAN.
DO ensure all backups are strongly encrypted (AES-256 or equivalent) and stored offsite to prevent unauthorized access via backups.
DO ensure your public bitcoin node (not wallet) has a large number of connections to the network.
DO consider using additional listening nodes to provide a more complete view of the network.
DO use dedicated machine (netbook fits nicely in a safe) to process cold wallet transactions offline.
DO use RAID for redundancy and sign agreement with datacenter that failed disks are ship to you for verification and destruction.
DO authenticate transaction requests from the webserver to wallet server.
DO add heuristic analysis of transactions and halt the hot wallet on unusual activity (requests from honeypot accounts, a high number of requests, invalid requests).
DO use an intrusion detection system (IDS).
DO use encrypted wallet on hot wallet to prevent access after power cycle.
DO consider having the hot wallet power off (better safe than sorry) when unexpected activity occurs and ensure there is no possibility of lost keys in the event of sudden shutdown.
DO NOT allow public access to IPMI or IKVM. Limit connectivity to secured internal LAN only.
DO NOT allow direct access to wallet server. Limit access to the secure internal LAN only.
DO NOT use disks without whole disk encryption. All your security can be bypassed by just pulling the disks from the server.
DO NOT use datacenter switches for your internal LAN. VLAN is only secure if you have sole access to the VLAN settings.
DO NOT use a "trusted" third party to provide you Bitcoin transaction data. You could be put on an inferior fork and never know it.
DO NOT use a Virtual Private Server unless it is running on your hardware. A VPS you "control" on hardware someone else controls is nothing but the illusion of security (see linode hacks).
DO NOT rely on transaction id of unconfirmed transactions. Match "payments" by receiving address and unique inputs.
DO NOT have receive payments directly to hot wallet to limit the damage if hot wallet is compromised. Instead route all incoming payments to cold wallet (and manually load hot wallet as needed).
If all that sounds too hard well you shouldn't be handling digital cash. The security measures taken by Bitcoin service providers should be comparable to what is taken by a bank or gold bullion depository.
