I would urge some caution with regards to backups. If there easily accesable from the site then if your site is hacked then they are easily accesable to the hacker. It is a common overlooked area and can also be a weakness that I have seen in many hosted/colo sites were they have all the servers isolated and yet still linked via some all singing all dancing backup server.
Yeah, that's something I considered pretty carefully. The backup server is completely isolated from the rest of the network, it pulls the backups via ssh/rsync using a special user account that only has sudo permissions for the rsync command (and can only authenticate via ssh certificate). The only way to break the backup server from a compromised server would be to replace OpenSSH on the compromised server and then wait for the backup server to connect -- and then try to somehow break rsync.
