I don't get how the 2 machine masternode setup is more secure. If someone can break into either, your setup is toast. And the wallet's security is independent of the machines hosting it -- it relies on the strength of your password & the encryption algorithm. I can't see how the 2 machine configuration helps at all.
Because your master node IP is static, broadcast to the network, and an attacker knows 1000 DRK is on it. Your local machine IP is not listed on the master node list with the 2 machine setup and there are no coins on the server that's running the master node. Double win.
If we could get a port of Armory for Darkcoin you could theoretically do all this with the coins in cold storage. Triple win.
Masternode has to communicate with the node holding the coins, to verify the 1000 DRK are there. So if the masternode can do that, so can an attacker who has compromised the masternode. From there, they just need to break into the secondary node holding the wallet, which will presumably have no better security than the one they already broke into.