> So it does require the private key to your hot-wallet to be on an always on, networked machine, right?
No. You can have the private key in an offline hardware wallet like Ledger, with the lightning app on your machine waiting for the device to sign it.
> And the hot-wallet and lightning channel can only transmit, across all channels, as much as is in this hot-wallet, and each channel has a potentially higher and rising transaction cost to open as lightning network will generate more transactions to the blockchain, not less. So you can keep your cake safe, or eat it, but not both.
Let's break this down:
>lightning channel can only transmit, across all channels, as much as is in this hot-wallet
No. Each channel has its own limits, and there are no limits to the number of channels you can open.
> each channel has a potentially higher and rising transaction cost to open as lightning network will generate more transactions to the blockchain, not less
If you want to open a lot of channels, yes, each one will incur a blockchain transaction. Keep in mind though that you don't need a channel per payment/per payment provider. Payments are _routed_ to your recipient via the network, in up to 20 hops, so you don't need to have a channel open to your recipient directly.
Also, in theory this should lead to _lower_ transaction fees on the network, not higher. Lightning transactions need to be segwit by design, so there's a 75% discount to each transaction. Since each channel can have an unlimited number of transactions on it, this should lead to a massive number of transactions moving out of the main blockchain into LN channels. Additionally, the channels can be opened whenever you want, so you don't have to wait till you're paying for your coffee to open the channel. If you don't mind waiting for a few blocks, you can open the channel for cents.
We don't know how this plays out in practice, of course, so we'll have to wait and see.
Edit: formatting
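An added illustration of the two routing points made in the reply above (per-channel limits rather than one wallet-wide limit, and multi-hop routing with a hop cap) as a small Python example. This is not code from the commenter or from any Lightning implementation; the channel graph, node names and capacities are constructed for the example, and the breadth-first search is a simplified stand-in for real pathfinding (it ignores fees and timelocks).

```python
from collections import deque

# Constructed sample channel graph (not real Lightning data). Each directed
# edge is a payment channel with the capacity, in sats, currently available
# in that direction. Note that capacity is tracked per channel, not per node.
CHANNELS = {
    ("alice", "bob"): 50_000,
    ("bob", "alice"): 20_000,
    ("bob", "carol"): 30_000,
    ("carol", "bob"): 10_000,
    ("carol", "dave"): 25_000,
    ("dave", "carol"): 5_000,
    ("alice", "erin"): 100_000,
    ("erin", "dave"): 15_000,
}

MAX_HOPS = 20  # hop limit mentioned in the comment above


def build_adjacency(channels):
    """Turn the edge dict into {node: [(neighbour, capacity), ...]}."""
    adj = {}
    for (src, dst), cap in channels.items():
        adj.setdefault(src, []).append((dst, cap))
    return adj


def find_route(channels, sender, recipient, amount, max_hops=MAX_HOPS):
    """Breadth-first search for the fewest-hop route on which every channel
    can carry `amount`. Returns the list of nodes on the route, or None if no
    route exists within `max_hops` hops. Because the per-channel filter
    depends only on `amount`, plain BFS yields a shortest-hop route."""
    adj = build_adjacency(channels)
    queue = deque([(sender, [sender])])
    seen = {sender}
    while queue:
        node, path = queue.popleft()
        if node == recipient:
            return path
        if len(path) - 1 >= max_hops:
            continue  # hop budget exhausted on this path
        for nxt, cap in adj.get(node, []):
            if cap >= amount and nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return None


if __name__ == "__main__":
    # alice has no channel to dave, yet payments still reach him via peers.
    print(find_route(CHANNELS, "alice", "dave", 20_000))  # alice-bob-carol-dave
    print(find_route(CHANNELS, "alice", "dave", 10_000))  # alice-erin-dave
    print(find_route(CHANNELS, "alice", "dave", 60_000))  # None: no channel large enough
    print(find_route(CHANNELS, "alice", "dave", 20_000, max_hops=2))  # None: hop cap
```

The 60,000 sat case shows the per-channel nature of the limit: alice's total outbound capacity is 150,000 sats, but no single path has every channel large enough, so the payment cannot be routed as one piece.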