The security measures you've described are implemented at the application level, which means you're still trusting that each coin client will do the right thing wrt security. (Whether it be a deliberate backdoor, or an exploit). You should still look into a more restrictive container or chroot based solution to run your client, to minimise the effects of a compromised client. Perhaps also a separate hardware firewall connecting your different servers, so a partial or full compromise on one cannot be used as a launching pad to access another server on the local network.

I would also considering disallowing direct RPC access, and perform all actions via an intermediate API, which only permits abstract actions such as confirm deposit to X, or withdraw to X, possibly communicating with another backend server (eg "does account X have at least X funds available") to audit the API request.