If we can't trust the website giving commands into the hot wallet, [edited:] how can we trust that same website to collect and offer the hot wallet valid and intended commands to pull?
You never fully can trust it, but you can make it more difficult for an attacker by having the hot wallet independently check the incoming commands for deviations from normal patterns which could indicate the website has been compromised.
At the cost of requiring more manual human action you can add more safeguards, like requiring customers to pre-register their withdrawal addresses and transferring a list of valid addresses via sneakernet to the hot wallet every 8 hours. Now an attacker can't break into the website and send the hot wallet a command to withdraw all the bitcoins to some arbitrary address because that address won't be on the authorized list.
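The two safeguards in the reply above, a hot-wallet-side check for deviations from normal withdrawal patterns and a pre-registered address list carried over by sneakernet, can be sketched as a small validator that runs on the hot wallet host and never trusts the web tier's command as-is. The code below is an added example and not code from this thread or any exchange; the command format (a dict with customer, address and amount), the comma-separated allowlist file layout, and the per-transaction, daily and hourly thresholds are all assumptions chosen for illustration.

```python
"""
Hot-wallet-side validation of withdrawal commands received from the web front end.
Added example (not from the thread). Assumed inputs:
  - each command is a dict {"customer": id, "address": btc_address, "amount_btc": float}
  - the sneakernet allowlist is a text file of "customer_id,address" lines
  - velocity limits (per tx, per day, per hour) stand in for the "normal pattern" check
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample addresses and allowlist (not real Bitcoin addresses).
ALICE_ADDR = "1AliceRegisteredAddrExampleOnly0000"
BOB_ADDR = "1BobRegisteredAddrExampleOnly000000"
ALLOWLIST_TEXT = f"""\
# constructed sneakernet allowlist: customer_id,address
alice,{ALICE_ADDR}
bob,{BOB_ADDR}
"""


def parse_allowlist(text):
    """Parse the offline-delivered list into customer -> set(addresses)."""
    allow = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cust, addr = line.split(",", 1)
        allow.setdefault(cust.strip(), set()).add(addr.strip())
    return allow


@dataclass
class Policy:
    allowlist: dict
    max_per_tx: float        # largest single withdrawal the wallet will sign
    max_per_day: float       # rolling 24h volume per customer
    max_tx_per_hour: int     # rolling 1h count per customer
    history: dict = field(default_factory=dict)  # customer -> [(time, amount)]


def check_command(policy, cmd, now):
    """Return (ok, reasons). Only commands that pass are recorded in history."""
    reasons = []
    cust = cmd.get("customer")
    addr = cmd.get("address")
    amt = cmd.get("amount_btc")
    if not isinstance(amt, (int, float)) or isinstance(amt, bool) or amt <= 0:
        return False, ["invalid amount"]
    # Safeguard 1: the destination must be on the pre-registered list for this customer.
    if addr not in policy.allowlist.get(cust, set()):
        reasons.append("address not pre-registered for customer")
    # Safeguard 2: deviation from normal pattern (size and velocity).
    if amt > policy.max_per_tx:
        reasons.append("amount above per-transaction cap")
    past = [(t, a) for t, a in policy.history.get(cust, [])
            if t > now - timedelta(days=1)]
    if sum(a for _, a in past) + amt > policy.max_per_day:
        reasons.append("daily volume cap exceeded")
    recent = [t for t, _ in past if t > now - timedelta(hours=1)]
    if len(recent) + 1 > policy.max_tx_per_hour:
        reasons.append("withdrawal rate above normal pattern")
    ok = not reasons
    if ok:
        policy.history.setdefault(cust, []).append((now, amt))
    return ok, reasons


def run_demo():
    """Feed a mix of legitimate and suspicious commands through one policy."""
    policy = Policy(parse_allowlist(ALLOWLIST_TEXT),
                    max_per_tx=5.0, max_per_day=10.0, max_tx_per_hour=3)
    t0 = datetime(2011, 6, 20, 12, 0, 0)  # constructed timestamp
    results = {}
    results["normal"] = check_command(
        policy, {"customer": "alice", "address": ALICE_ADDR, "amount_btc": 1.0}, t0)
    # A compromised website asking to pay an address the customer never registered.
    results["rogue_address"] = check_command(
        policy, {"customer": "alice", "address": "1AttackerAddrExampleOnly000000000",
                 "amount_btc": 1.0}, t0)
    # A registered address, but an attempt to drain far more than normal.
    results["drain"] = check_command(
        policy, {"customer": "bob", "address": BOB_ADDR, "amount_btc": 500.0}, t0)
    # A burst of small, otherwise valid withdrawals trips the rate check.
    for i in range(3):
        results[f"burst{i}"] = check_command(
            policy, {"customer": "alice", "address": ALICE_ADDR, "amount_btc": 0.5},
            t0 + timedelta(minutes=i + 1))
    return results


if __name__ == "__main__":
    for name, (ok, why) in run_demo().items():
        print(f"{name:14s} {'SIGN' if ok else 'REJECT':6s} {'; '.join(why)}")
```

The point of keeping `history` and the allowlist on the wallet side is that a compromised web server cannot edit either: the allowlist arrives out of band and the velocity state is built from what the wallet itself has already signed. Anything rejected here should raise an alert rather than be silently dropped, since a stream of off-list addresses is itself a strong signal that the website has been taken over.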
I am not really convinced that you cannot set up the system to be trustable.
For example if I base sending out of bitcoins on my having received bitcoin-tokens in a certain account, then it looks to me as if the only way I can get those tokens arriving in my account (and thus triggering a send-out-coins request) is if the hacker has the private keys of a user who has bitcoin-tokens. Those tokens in turn could only have arrived there through a properly signed transaction, and the signatures go all the way back to the account that actually issues the tokens. The whole point of all this signing is so the server does not actually have to be trusted...
-MarkM-