Wow... just wow.
I thought you were better than that.
I never store keys on a webserver for a project involving customer funds. If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).
Hmm, do you mean that the outgoing transfers should always be done from separate server manually? So no automated transfers?