This Hacker News discussion has good comments for securely storing data for an app. The best approach has multi level encryption, compound keys, keys stored in RAM, and decryption being performed on a separate server that is accessible via firewalls and web service interface.

Link: To expand on this a bit, absolute security for encryption just doesn’t exist. | Hacker News via news.ycombinator.com