I studied lots of valuable q&a here, but still I have some doubts.

Case - simple game (calm down - I'm not one of the rookies creating exchange as seen here), which allows to pay for a game. The character of the gameplay forces us to create virtual balance for each player and create payouts on daily basis/request.

What's done:

• compiled bitcoind client is running on encrypted wallet in background
• creating in advance pool of addresses
• assigning free address to registered user
• listen for incoming transactions/confirmations
• on 6th confirmation we add transaction to user balance

Where I need guidance / pro advice:

• strip my runnning bitcoind client with wallet from holding private keys (I've read about it but don't know how to achieve it properly)
• many guides advice to run bitcoind client on other machine - but how to setup secure communication between two machines (vpn?), if someone gains access to game server, it doesn't matter where client is located (right?)
• as private keys are stored away, how I can deal with payout requests? Are there known practices in that field? I've read https://bitcoinsecurityproject.org/SecureApplicationArchitecture/, but can't imagine real world example/process

Last but not least - if users send coins to private addresses created in one wallet, which private key should sign a transaction? As you probably see, I'm confused with some "basics" after research here :)

EDIT

I found steps to sign transaction offline (http://people.xiph.org/~greg/signdemo.txt) is it preferable way in real world apps?