Ok, I had this thought for a while and I finally decided to act on it.
I created an account which will be the holder for my SP, for my main account at least, if I won't extend it for others too. Other than that, it will be an inactive account.
How does it work? The process is more complicated, and I wish it were simpler, but in a few words, I will start moving my SP to this account and delegate from it to the main (and active) account. This introduces a new layer of security, but also a bunch of troubles for me, and you will see what they are, as I describe the process below.
So, the first step was to create the SP holding account. That was the easy part.
I'll now move the liquid funds from the main account which I want to power up to my SP holding account (after I previously will exchange SBD to STEEM for that). The powered up SP will be delegated back to my main account.
Then I start a major power down on my main account. As funds are powered down, I move them to my SP holding account and power them up there. Then I delegate them back to the main account. UPDATE: I also routed the withdrawn vests to my SP holding account, to make it make it more automated.
What do I do with my delegations from my main account? That can be a little tricky, and will act from case to case. Right now, nothing. In the future, as SP builds on my SP holding account, some of my delegations will be done from there. I say some, because I believe there will be an issue on some projects which provide upvotes for delegation. I will contact the owners to see if it's possible to accommodate my particular situation, but unless it's very easy to make the switch at their end, I don't think they'd be interested to put in the work to provide support for such a situation, which is not common.
Another issue I'll have with curation rewards, which are SP only and no way to set a beneficiary for them. For author rewards, I can set the SP holding account as the beneficiary, but I'll have to think about it, or make it a partial thing, because I will need some liquid amounts of STEEM for my monthly giveaways (and other potential expenses).
The simplest solution I came up with under the circumstances is that from time to time, when some decent amount of SP builds up in the main account, to power it down and move it to the SP holding account, where I will power it up and delegate back to the main account.
One final step that's missing here. I will need to copy the witness approvals from my main account to my SP holding account. I might check to see if I should change anything in the list while I'm at it. Then I will set my SP holding account as a witness proxy for all my other accounts, including my main account.
Why am I going through all this trouble? Well... as I said, an extra layer of security:
- the stake would be delegated, which would mean another 5 days to return before it can be powered down by someone who gains access to the account (and yes, this is my stake, not intending to buy more, not intending to sell anything, no matter what)
- the SP holding account will be used only on wallet apps and briefly, it will be mostly inactive; minimizing risk of misusing the private keys or of being accessed after a site is hacked.