Post
Topic
Board Bitcoin Discussion
Re: BTCT.com hacked and lost 107 btc
by
LuaPod
on 26/09/2014, 12:13:59 UTC
If I wanted to, I could have my computer running a VPS with 13 GB of RAM allotted and close all ports, with outbound requests only. I could then use that virtual machine to run the wallets. No ports being forwarded or any direct communications from anything. The servers decide their job based off of the MySQL database they are connected to through a virtual network that is hub and spoke managed.

It's actually a little more complicated, because if your webserver has access to the MySQL DB, then I could hypothetically just go and make changes in MySQL and take all your funds. You need to think how to ensure that even if I get access to the MySQL DB connected to the webserver, I shouldn't be able to cause any damage financially.
How could you make changes with a SQL user that has no write access to any of the finance tables nor any direct access to methods manipulating balances? If you were to read the description on the front page, it clearly states that the SQL gives no permissions to the front-end except to view user information and to view balance information. It can submit a request to be processed by the back-end server that is structured like
create/trade/5/1000/100/5 and is signed and encrypted. Even if you managed to figure out the signing and encryption, the backend servers do another check to verify the trade is even allowed to be created.

The servers all are on a closed network with communication enabled ONLY to the SQL database. Each server has its own SQL user with its own permission.



To even prove that you lacked the true effort of reading, here is an excerpt from the main page:

Code:
[The webserver must only be capable of reading information and relaying commands without having any
direct access or direct command of the wallets. Any transactions believed to be taking place on the website are
in fact not taking place on the website. The user's input is checked and their balances verified; then the
system puts forth a structured request that is then processed by the Wallets server.]



ANOTHER THING IS you can't just change a balance on this. If you change the balance on any transaction, the system comes to a halt (because it detects that there is a discrepancy between the information inside the account balance and the signature for the transaction that has been changed). NOT ONLY does it know that it has been changed, but it knows what it was changed from. So through a type of persistence I can also keep transactions from being deleted.
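
The tamper detection described in the post above, sketched as an added example that is not part of the original post or the poster's system: each ledger row carries an HMAC over its own fields and the previous row's MAC, so an edited balance or a deleted row fails verification. The key, field names and sample values are constructed assumptions.

```python
import hashlib
import hmac

# Assumption: this key exists only on the back-end wallet server,
# never on the web server or in the SQL database.
LEDGER_KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32


def entry_mac(prev_mac: bytes, account: int, delta: int, balance: int) -> bytes:
    """MAC over this row plus the previous row's MAC, which chains the rows."""
    msg = prev_mac + f"{account}|{delta}|{balance}".encode()
    return hmac.new(LEDGER_KEY, msg, hashlib.sha256).digest()


def append(ledger: list, account: int, delta: int) -> None:
    """Back-end only: re-check the request, then write a chained row."""
    prev_mac = ledger[-1]["mac"] if ledger else GENESIS
    balance = (ledger[-1]["balance"] if ledger else 0) + delta
    if balance < 0:
        raise ValueError("request rejected: insufficient funds")
    ledger.append({"account": account, "delta": delta, "balance": balance,
                   "mac": entry_mac(prev_mac, account, delta, balance)})


def verify(ledger: list):
    """Return None if intact, else (row index, stored balance, recomputed balance)."""
    prev_mac, running = GENESIS, 0
    for i, row in enumerate(ledger):
        running += row["delta"]
        good = entry_mac(prev_mac, row["account"], row["delta"], row["balance"])
        if row["balance"] != running or not hmac.compare_digest(good, row["mac"]):
            return (i, row["balance"], running)
        prev_mac = row["mac"]
    return None


if __name__ == "__main__":
    ledger = []                       # constructed single-account ledger
    for delta in (1000, -100, 50):
        append(ledger, 5, delta)
    print("intact:", verify(ledger))
    ledger[1]["balance"] = 999999     # simulated direct edit in the database
    print("after edit:", verify(ledger))
```

A chain like this does not notice rows removed from the end of the table; catching that requires keeping the latest MAC somewhere the database user cannot write.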