As far as I understood the concept, it is safe if used correctly. The keystore should not be located on the server machine. It should only be available to the server on startup. You may place it on a USB-dongle which is removed after complete startup. But you are right in that most people won't do that. On the other hand most people won't need that too.