They would not know the server seed, so that would not be a vulnerability. There would be the client seed, server seed and then the server seed would be hashed using a random number generated by random.org. This would make the game provably fair to investors. There are many proven true random # generator sites out there besides random.org also
Why don't you just use as a salt for each roll a random # generated by
http://www.random.org/ or another true random generator site (this one uses atmospheric noise I believe)? Wouldn't that close any loophole for the operator or someone who has compromised the site and can see the server seeds to cheat?
I'm not familiar with everything random.org has to offer.
But is it probably fair? Is there any way I can prove to the player that the seed that made them lose was fairly chosen by random.org, and not carefully calculated by JD to make them lose?
It wouldn't change anything unless random.org were told the bet in advance, recorded it and disclosed it - as otherwise you could change what you bet once you knew the result from them. And if they recorded the bet BEFORE revealing the random number then suddenly we have to start trusting that THEY aren't betting and exploiting it.
Beyond a certain point investors just have to trust - not just in this but in many investments. How do investors know mining companies who have a machine break down didn't swap a good one for a bust one of their own? How do investors know an investment/trading funs isn't creaming off cash by buying/selling from alt accounts? etc.
At a certain stage people have to stop worrying about things that are only detectable from statistical analysis after the fact. Short of having a 24/7 live video feed it's hard to stop or detect a lot of types of fraud. You have to either be willing to assume some degree of good faith or just not invest.