Board: Bitcoin Discussion
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
by giszmo on 12/05/2012, 15:53:02 UTC
Today, we have discovered a suspicious Bitcoin transaction that doesn't seem to be initiated by any one of the company owners.

If I have a wallet to run my business, how can it be a good idea to have more than one person with access to the private keys? In this case at least 4 people (owners and zhoutong) officially had access to the key, a dozen others to the server physically, and many others had access to the root-password-reset-email-account servers. Any theft is perfectly deniable by the thief if it's any of them.

Bitcoinica can have mechanisms when cashing out that put certain amounts on hold if they look fishy by some metrics, but that's the application layer, and with the unencrypted keys on the machine, many people can just circumvent that layer.

If I wanted to do it right, how should I do it? Keep the private keys at home, providing signatures to the application after sanitizing? This way I could reduce access to the wallet from many to one. I could have a fraction of the wallet on each owner's machine, or one person takes full responsibility. Then the attacker would have to forge legit API requests to sign transactions flying under the radar, and the parameters of the radar would not be public. Worst case would be pissed customers waiting longer than necessary and apparently legit cash-outs that weren't, but that will not sum up to 20k in one day. If one customer cashes out 20k BTC, I call him. Twice. And he will thank me for the nice chat.

On my "laptop" with the wallet I could have a service running that constantly polls a Bitcoinica API for transactions to be signed. Small amounts summing up to less than x BTC get cleared automatically, bigger amounts get delayed by an hour for random review, and jackpot amounts are put on hold indefinitely until they are cleared manually.

This would not require trusting more than one person, and the PC at home would not even need to accept inbound traffic.

Quote: Warning - while you were typing 20 new replies have been posted. You may wish to review your post.
... crazy ...
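The polling signer sketched in the post above, as an added example that is not code from the post or from Bitcoinica: a policy gate that a home machine would run over the withdrawal requests it pulls from the exchange's API, sanitizing each one and deciding whether to sign now, park it for the review delay, hold it until a human clears it, or reject it. The `Withdrawal` record, the field names, the thresholds, the rolling-window rule for "small amounts summing up to less than x BTC" and the address-format regex are assumptions made for the example; the API call itself is replaced by a list of constructed requests.

```python
import re
from dataclasses import dataclass, field
from decimal import Decimal
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class Decision(Enum):
    SIGN = "sign"      # release the signature to the application
    DELAY = "delay"    # park for the review window, re-poll later
    HOLD = "hold"      # park indefinitely until a human clears it
    REJECT = "reject"  # failed sanitizing (malformed or replayed request)


@dataclass(frozen=True)
class Withdrawal:
    """Assumed shape of one request pulled from the exchange API."""
    request_id: str
    customer: str
    address: str
    amount: Decimal
    requested_at: int  # unix seconds when the application queued it


# Assumed address check: 2012-era base58 P2PKH/P2SH, leading 1 or 3, no 0/O/I/l.
ADDRESS_RE = re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$")


@dataclass
class SigningPolicy:
    auto_clear_limit: Decimal     # "x BTC": sign automatically while the window sum stays under it
    window_seconds: int           # how far back the automatic-clearing sum looks
    review_delay_seconds: int     # bigger amounts wait this long for random review
    hold_threshold: Decimal       # "jackpot" amounts: held until cleared by hand
    signed: List[Tuple[int, Decimal]] = field(default_factory=list)
    signed_ids: Set[str] = field(default_factory=set)
    manually_cleared: Set[str] = field(default_factory=set)  # operator decisions
    flagged: Set[str] = field(default_factory=set)           # reviewer said "no"

    def window_total(self, now: int) -> Decimal:
        """BTC already signed inside the rolling window."""
        return sum((a for t, a in self.signed if now - t < self.window_seconds), Decimal(0))

    def sanitize(self, w: Withdrawal) -> Optional[str]:
        """Return a rejection reason, or None if the request looks well formed."""
        if w.request_id in self.signed_ids:
            return "replayed request id"          # the app (or an attacker) asked twice
        if w.amount <= 0:
            return "non-positive amount"
        if not ADDRESS_RE.match(w.address):
            return "malformed address"
        return None

    def decide(self, w: Withdrawal, now: int) -> Decision:
        if self.sanitize(w) is not None:
            return Decision.REJECT
        if w.request_id in self.flagged:           # random review rejected it
            return Decision.HOLD
        if w.request_id in self.manually_cleared:  # the phone call happened
            return self._sign(w, now)
        if w.amount >= self.hold_threshold:        # jackpot: never automatic
            return Decision.HOLD
        if self.window_total(now) + w.amount <= self.auto_clear_limit:
            return self._sign(w, now)              # small, under the daily sum
        if now - w.requested_at >= self.review_delay_seconds:
            return self._sign(w, now)              # review delay elapsed, not flagged
        return Decision.DELAY

    def _sign(self, w: Withdrawal, now: int) -> Decision:
        # In a real deployment the private key would sign the transaction here;
        # the example only records the decision so the window sum stays honest.
        self.signed.append((now, w.amount))
        self.signed_ids.add(w.request_id)
        return Decision.SIGN


def process_poll(policy: SigningPolicy, pending: List[Withdrawal], now: int) -> Dict[str, Decision]:
    """One polling round: decide every pending request the application returned."""
    return {w.request_id: policy.decide(w, now) for w in pending}


# Constructed sample data standing in for what the API poll would return.
SAMPLE_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SAMPLE_PENDING = [
    Withdrawal("r1", "alice", SAMPLE_ADDR, Decimal("5"), 0),
    Withdrawal("r2", "bob", SAMPLE_ADDR, Decimal("40"), 0),
    Withdrawal("r3", "carol", SAMPLE_ADDR, Decimal("10"), 0),
    Withdrawal("r4", "dave", SAMPLE_ADDR, Decimal("20000"), 0),
    Withdrawal("r5", "eve", "0notanaddress", Decimal("1"), 0),
]


def demo_policy() -> SigningPolicy:
    """Assumed thresholds: 50 BTC per day automatic, 1 h review, 1000 BTC hold."""
    return SigningPolicy(Decimal("50"), 86400, 3600, Decimal("1000"))


if __name__ == "__main__":
    policy = demo_policy()
    for rid, d in process_poll(policy, SAMPLE_PENDING, now=0).items():
        print(rid, d.value)
```

Only the signer host holds the key, it only ever makes outbound polls, and the thresholds live in the policy object on that host rather than in the exchange's web tier, so an attacker who owns the web server can at most queue requests and wait for the radar to let them through.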