One of the suggested security precautions when storing Bitcoin of users on a server is to store the private keys on a separate server:
The database storing the private keys or the seeds in case of HDwallets should be running on a separate instance and only accessiblevia the application server(AWS allows lots of configuration you canmake in the virtual private cloud i.e. VPC to accomplish this).
I understand that if the PK is stored on a separate server then that server would also need to be compromised in order for the security of the actual keys to be compromised. However, since presumably, the main server will be sending withdrawal/transfer requests to the "security server" what stops a hijacker from effectively liquidating the entire wallet balance by using the main server to forward requests to the security server? In other words, what is gained by adding an extra server to the equation if the security server is expected to "honor" (and sign) requests it receives from the main server?
