I ran across your bot on twitter (I periodically search for likely outputs from trading bots on twitter so keep tabs on the 'opposition'); this looks like a pretty competent outfit. If I ever find a bot that I think's better than mine, I'd cheerfully switch to using it.
Given that you are going to be opening it up to users, presumably users will simply have to trust you with their API keys?
The twitter feed has been down for a few days so I can test some new features, but glad to hear you found out about Rollerbot through Twitter.
Yes, you are most correct that there will have to be a level of trust from users, this is inevitable. API keys will be stored in encrypted form in the database to protect them in case the database were ever dumped somehow by a third party (even though security is top priority, I must also consider all possibilities for protection of the userbase). Rest assured that I have no interest in breaking the trust of future users. Aside from that, most exchanges don't allow withdraws from the API anyways.
Thanks for stopping in