If you set up your VPS with a hierarchical deterministic wallet[1] or a passphrase-protected private key[2], your hosting provider will be unable to determine your private key.
There's really no getting around the evil maid attack[1], if someone can attack your hardware directly. There's even evidence that a sufficiently clever attack can persist through formatting and re-installing a drive[2] - note, people have also found exploits in network firmware... remotely exploitable exploits. If you can do it by accident[3], then most likely it can be done with malice aforethought.
Edit: adding a strong pass-phrase /does/ give you a significant level of protection; while it doesn't offer protection from an evil maid type attack (where the attacker trojans your server, then you decrypt your key after said server was compromised), it does offer quite a bit of protection, say, from an attacker who has access to old backups but not your production system. So I think a passphrase on all of your important private keys is a worthwhile thing to have.
I just want to make it clear: once you decrypt that key from within a compromised system, all bets are off.
There are issues to be aware of, but for small amounts it's perfectly reasonable to acknowledge a transaction without confirmations (this is known as a "zero-confirmation" transaction).
For example, our service[1] clears transactions in seconds.
Obviously, the security and scalability of our platform are a big part of the value we provide to buyers and sellers.
For now, know that there are a number of measures we take to ensure that the site and users' bitcoins are secure: The site runs entirely over SSL (HTTPS). We protect against CSRF and XSS attacks. The addresses used for purchases are generated offline. Withdrawals are handled separately from the application server. Importantly, sellers can withdraw their balances quickly to the Bitcoin address of their choice. As we scale up, we'll store the majority of sellers' funds offline, keeping enough for transaction fees and withdrawals.
Thanks for the overview. It's refreshing to get straight answers.
Which wallet are you guys using? I've heard good things about Armory, which makes it easier to do hot / cold storage. Keeping withdrawals separate from the application server makes a lot of sense; is this using the SSL protocol for JSON-RPC on a non-standard port, and then closing off internet-facing ports for that computer/server?
Are you doing any sort of 2 factor authentication to limit hacked accounts getting emptied?
I'd be happy to email or something if you're up for it.
We built Yumcoin because we think existing solutions for accepting Bitcoin are too complicated. A few people have built custom sites to accept Bitcoin for their products (e.g. Knife Party, James Altucher), but we think the process can be a lot simpler. We host your product, give you a short link you can share with your audience, and manage the Bitcoin payments for you.
There are lots of new features we're working on, but it's already useful and fun.
[1]: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...
[2]: https://github.com/bitcoin/bips/blob/master/bip-0038.mediawi...