I suggested one of the Bitcoin ATM guys to use two boards. One board is
connected like normally to networks and accessories and the like. That one
board also has a custom connection to the other board. The other board
contains all the secrets and performs all the important functions. The one
board just communicates.

The advantage is that once the big bad guys crack your baseband, your
chipset, your system on a chip's trapcards, etc. your secrets are still
safe. If you sign all the packets that pass through the communication board
you can truly abstract away from almost every possible hack that both the
boards could be vulnerable for. (Do you trust your silicon?)
