I never store keys on a webserver for a project involving customer funds. If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).
I don't wish to go into too many details on this thread about it, but this box was not public facing.