I think even with a 24/24h VPS or PC, it’s a bad idea to keep private keys on a online system with a software that can interact with them. Basically this will create an hot wallet with unencrypted keys.
It would be a little more secure if you can send sign the transactions in another place (eg. dedicated hardware wallet connected to the PC), it will protect the keys but it can not prevent signing unauthorized transactions…
It really depends about the product. But avoid exposing the private keys if possible, in a system running without direct user control/supervision. Working with private keys must, in my opinion, be allowed only with direct user interaction.