For server-side, how about password DB implemented as hardened information appliances? This would make the acquisition of the password database harder. White-box techniques could be used to hide a modified salting technique, making cracking much more labor intensive. Such a service could be offered by cloud and virtual server providers, perhaps for a small additional fee. (Which would still be almost all profit.)