To prevent a website hack from emptying the "front line" wallet, it may be best to write a very simple API that runs on the bitcoind machine, sanity checks any spending requests from the web site machine, and if valid invokes bitcoind locally.