We have developed a workflow that allows the client to be in total control of their private keys. At no point does Airfoil need to view, or manage your Tezos private keys to run a baker for you.
When under load, funds in the baking account are periodically used for deposits. These funds are locked into the Tezos smart contract and are returned when the baking of a block or endorsement is finalized. A properly tuned baker should only have a small amount of funds free to spend from the baking address, they should either be delegated or serving as a deposit. Idle Tezos is never a good thing!
Please inquire for more details on how we mitigate private key risk.