Points well taken
jayroom. I agree, it's not a perfect set-up. The bottom line is that I doubt one can develop a completely ironclad system, as many discussions here at the Monastery will attest to. I think of security as a layered affair. I used to hard code my DB passwords right into the script, so, I'm doing one better here. I don't think there is any one silver bullet. The more barriers you put up, the harder you make it for the nefarious crackers to get in. Hopefully that is not too naive.
I was thinking about my e-commerce sites, and combination of the secure certificate, the remote keys, and wondering if scenerios like that are workable. It's a good discussion to keep going—I'd love to see a definitive answer so I don't feel like the little boy sticking my fingers in the latest leak in the dike.
—Brad
"A little yeast leavens the whole dough."