Wow... just wow.
I thought you were better than that.
I never store keys on a webserver for a project involving customer funds. If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).
Hmm, do you mean that the outgoing transfers should always be done from separate server manually? So no automated transfers?
Well he didn't mean that but yes a cold wallet with batch processing is another option. I would point out that even if a hot wallet is needed, if the hot wallet wallet had say 10% of total funds then 90% of the BTC would still remain right now. The attacker would have stolen ~2,500 BTC not 25,000. If using a split wallet like that occassional the hot wallet can run out of funds and clients will experience a delay.
There is no single solution which meets the needs of every single service provider. That being said having a hotwallet with 100% of the funds is simply inexcusable. More than anything else it is sad. Bitfloor was growing rapidly and was a great source of liquidity outside of MtGox (which is important IMHO). It is destroyed now and honestly shtylman is better than that.