Okay, after re-reading my post I can see that in a GPG scenario root could quite easily get the PIN simply by running a different script to access the gpg-agent. In my SFTP scenario, the thing I am protecting is the ssh key, and that's a lot easier to do.

Perhaps you can keep your PIN in a database with access controls in place. But a compromised root account can make protecting something on disk extremely difficult.

I will be watchiing this thread with great interest.

Update: removed extraneous punctuation