Yet.
If the host knows the private keys then an attacker who seizes controls of host seizes control of the private keys.
So what if the host never knows the private keys?
Host: v0.0.1.1238
Module: v0.0.1.608
Runtime: v4.0.30319
Initializing BSM with root key to form deterministic seed.
Host: 'Initialize(ZOpK/CiAP/aU1HlNOiJxeyCD8MUI/Zf1xCDFtOJPpGU=)'
Module: 'OK'
Verifying root key (module should return SHA256 hash of Root Key)
Host: 'RootHash()'
Module: 'E9o5VWDsusAWOTf5lVPHWI13YeMCXJ85S+SYqFfW6Lc='
Requesting a new address
Host: 'GetAddress(1)'
Module: '112ypupfk6upHCL65NhqNhtv9RBwW1jR1w'
Even storing private keys (and fund control rules) into hardware device isn't 100% secure but it should raise the bar substantially. All major robberies to date have been "smash and grabs". Once attacker gained access to the server he simply copied the private keys to a client he controlled and transferred the funds.