3

I'm thinking about this problem: what if I have to manage sensitive data (i.e. health data) and I use a managed server?

I'd use encryption of course, but if they have root access they can see the config and source files, so they can learn the encryption keys.

What would you do, in a Linux environment with PHP scripts?

Could I write the interface that encrypts/decrypts and "compile" it with HipHop?

Jeff Ferland

Surfer on the fall
  • If you want Role Based Access Control or something similar then you should reconsider your simple setup. Fast, cheap, good (trusted) - pick any two... – zedman9991 Aug 01 '12 at 18:32

2 Answers

5

Well, the hard truth is that if somebody has physical access to your hardware, they basically will find a way somehow. Using encryption is still worthwhile in that it will slow down attacks and prevent "casual" release of data, but as long as you don't control your own hardware, you're limited.

In the business world, this is covered by contracts and certifications which are backed up by audits. For example, Amazon's EC2 has a laundry list of accepted data protection standards.

Jeff Ferland
  • You can enhance this using append-only access logging and other such data auditing. Some systems double-up on this, such that logs are duplicated onto a black-box device that is out-of-bounds for the tech staff, but accessible by management. This gives you a log trail in the event someone tries to get at something they shouldn't. – Polynomial Aug 01 '12 at 19:16
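One way to make the append-only access logging mentioned in the comment above tamper-evident, as an added example that is not part of either answer: each entry carries an HMAC over its own content and the previous entry's MAC, so the chain can be checked later with a verification key that is assumed to live off the application host (on the management-only collector the comment describes). The key, log lines and tampering cases below are all constructed for the demonstration.

```python
"""Tamper-evident audit log built from HMAC-chained entries.

Added example, not code from the original answers. Assumption: the
verification key is held off-box by management, so someone with root on
the web server can edit the log file but cannot recompute valid MACs.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as "previous MAC" for the first entry


def _canonical(seq, prev, msg):
    # Stable serialization so the MAC covers exactly these three fields.
    return json.dumps({"seq": seq, "prev": prev, "msg": msg},
                      sort_keys=True, separators=(",", ":")).encode()


def append_entry(log, msg, key):
    """Append msg to log (a list of dict records), chained to the previous MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    mac = hmac.new(key, _canonical(seq, prev, msg), hashlib.sha256).hexdigest()
    entry = {"seq": seq, "prev": prev, "msg": msg, "mac": mac}
    log.append(entry)
    return entry


def verify_chain(log, key):
    """Return None if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e.get("seq") != i or e.get("prev") != prev:
            return i  # an entry was removed, reordered or inserted
        expected = hmac.new(key, _canonical(i, prev, e.get("msg", "")),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, e.get("mac", "")):
            return i  # content or MAC altered without knowing the key
        prev = e["mac"]
    return None


def demo():
    """Constructed sample: three access-log lines, then three tampering attempts."""
    key = b"management-held-verification-key"  # constructed; a real key stays off-box
    log = []
    for line in ["user=alice action=view record=1042",
                 "user=bob action=export record=1042",
                 "user=alice action=view record=1043"]:
        append_entry(log, line, key)

    results = {"intact": verify_chain(log, key)}

    # Case 1: an existing entry is rewritten in place.
    edited = json.loads(json.dumps(log))  # deep copy
    edited[1]["msg"] = "user=bob action=view record=1042"
    results["edited"] = verify_chain(edited, key)

    # Case 2: an entry in the middle is deleted.
    deleted = log[:1] + log[2:]
    results["deleted"] = verify_chain(deleted, key)

    # Case 3: the newest entries are dropped. The chain alone does NOT catch
    # this; shipping each entry to the out-of-band collector as it is written
    # is what bounds how much can vanish.
    truncated = log[:-1]
    results["truncated"] = verify_chain(truncated, key)
    return results


if __name__ == "__main__":
    print(demo())
```

`verify_chain` is meant to be run on the collector, not on the web server: a root user there can still delete the tail of the log or stop writing to it, which is why the comment's point about duplicating entries onto a device the tech staff cannot reach matters as much as the integrity check itself.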
1

I don't think that it is possible to protect sensitive data without having your own unmanaged server where you control the hardware; in other words, we are talking about either colocation or your own data center.

Even running a compiled program can lead to the key being exposed. An example is TrueCrypt: while offline it is perfectly safe and extremely hard to break into. The problem comes when it is loaded into memory; if you get the correct location, you can get the password by running a program designed for that on the same machine.

So in short, you may be able to protect it somewhat, but I would still recommend an unmanaged colocated machine.

Travis Pessetto