I had an idea for this concept a couple of months ago when I was thinking about running my own Bitcoin ATM drive through bank.

Run a computer with some kind of secure linux distro. Tiny core would be a good base to work from since its one of the most lightweight distros.(Only 10 MB or so!)

Run the standard stable bitcoin server with every port blocked except the ports need by the bitcoin server.

Tiny core runs completely in memory so if some one were to try and compromise the machine and it lost power then everything would be permanently erased. No trace. In order for your wallet to be recoverable, enable a script that periodically encrypts your wallet and sends it a remote databank, like google docs, drop box, ect. Do not use hard drives.

Install SSH but use key based authentication with a password needed to unlock your private key. This would allow you access to your machine from any terminal on your local network. Disable password logins and make sure the ssh port is blocked from outside access. 

Connect the headless server to your Ethernet, never use a wifi network!

Also connect the pc to a back up power supply and surge protector.

Hope this helps!

PS: I'm thinking about making a linux distro based off of this called SecuCoin. Using microcore+bitcoind+openssh = ~10 MB for the whole OS!

This OS would not have a gui and would need a gui implementation for access from a external terminal.