I'm afraid this isn't really a question that we can answer in black and white. MultiChain works well with either way of doing things, and you need to consider carefully your security requirements.
One possibility to consider is using 2-of-2 multisignature addresses, where the two private keys are on different servers. Then two servers would need to be compromised in order to create transactions on behalf of a user.
Tutorial on multisignatures here: https://www.multichain.com/developers/multisignature-transactions/