That is pretty much the ideal setup. If you do a colocation and send the server in yourself, which of course has a lot of risk of its own, you can use chassis intrusion detection switches. Many modern motherboards support that. Then you can have the server run some script that shuts down / memory wipes as soon as the case is opened. Additionally, you could put the RAM in encapsulation material. Tor via Tor is great for hidden services, at least while they are still allowing it anyway. It should add quite a lot of anonymity for hidden services. Hardware-based isolation as you describe is a good way to go about things as well, to prevent hackers who root the hidden service from determining its external IP address. Mandatory access controls like SELinux provides are great for server security as well. A lot of modern processors have nifty security features that you can use to further isolate things as well. Of course you need to use a 64-bit OS so that you get the full advantage of ASLR. And you need to pick the right OS; possibly hardened Gentoo would be nice, although there are other things to consider as well. I have not heard of a more secure method of hosting servers; I think that is pretty much the diamond standard. Of course you need to make sure you keep everything patched as well; intrusion detection systems can help identify hacking attempts prior to the hackers totally pwning the system as well. There may be some advantage to adding yet another layer of isolation with virtualization, or it might not be worth the disadvantages this brings since you already have hardware-based isolation anyway.
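An added example, not part of the original post: a small audit of the host-hardening points listed above (full ASLR, a 64-bit kernel, SELinux enforcing, and the chassis intrusion sensor) as Linux exposes them. It assumes the motherboard's hwmon driver provides `intrusion*_alarm` files; `audit` and `build_sample_tree` are hypothetical helper names, and the sample tree is constructed.

```python
import glob, os, platform, tempfile

def read(path):
    """Return stripped file contents, or None if the file is absent or unreadable."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None

def audit(root="/", machine=None):
    """Check the hardening points under `root`, a prefix for /proc and /sys."""
    machine = machine or platform.machine()
    findings = {}
    # ASLR: 2 = full randomization (stack, mmap, vDSO and heap/brk).
    aslr = read(os.path.join(root, "proc/sys/kernel/randomize_va_space"))
    findings["aslr_full"] = aslr == "2"
    # A 64-bit address space gives ASLR far more entropy than a 32-bit one.
    findings["64bit"] = machine in ("x86_64", "aarch64", "ppc64le", "riscv64", "s390x")
    # SELinux: 1 = enforcing, 0 = permissive, file absent = disabled.
    enforce = read(os.path.join(root, "sys/fs/selinux/enforce"))
    findings["selinux_enforcing"] = enforce == "1"
    # hwmon chassis intrusion flag: 1 = case opened; it stays set until cleared.
    alarms = glob.glob(os.path.join(root, "sys/class/hwmon/hwmon*/intrusion*_alarm"))
    findings["intrusion_sensor"] = bool(alarms)
    findings["intrusion_tripped"] = [a for a in sorted(alarms) if read(a) == "1"]
    return findings

def build_sample_tree(aslr, enforce, alarm):
    """Constructed stand-in for /proc and /sys so the audit runs on any machine."""
    root = tempfile.mkdtemp()
    files = {"proc/sys/kernel/randomize_va_space": aslr,
             "sys/fs/selinux/enforce": enforce,
             "sys/class/hwmon/hwmon0/intrusion0_alarm": alarm}
    for rel, value in files.items():
        if value is None:  # None = leave the file out (feature not present)
            continue
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(value + "\n")
    return root

if __name__ == "__main__":
    for check, result in audit().items():  # audit the live system
        print(f"{check}: {result}")
```

A tripped intrusion flag is latched, so a periodic run of this check also catches a case that was opened and closed again between runs.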