Players A, B, and C each put $50 onto "the table". The prize is $100 ($150 minus $50 for the house). Player A wins and B cheats and wins. Both A and B demand you give them $100. What now?

Now unluckily, player A knows a database exploit, so his account gets balanced every time anyone wins. At the end of the week, B and C ask you to pay out 33,000 each, and A asks for 100,000. That's minus 16,000 for you. What now?[/quote]This one's a bit scarier, but again, presumably you don't have your game's database exposed to the internets -- all DB transactions would be made by the trusted server above.
This is a concern for anyone that maintains a database of financial data - you need to ensure you've got a full "paper trail" on all transactions. Once per pay-cycle, before you convert virtual currency into cash, you'd presumably validate all of the transaction trails and ensure they all traced back to initial cash-to-virtual-currency transactions. In the event that someone does inject a phoney virtual-to-cash transaction, they'd also have to inject the whole paper trail of where that virtual-currency came from in the first place, or they'd in effect just be corrupting your DB.

If that's already scary, think about a player gaining root access to your server and creating 5,000 or 10,000 accounts with a few thousand dollars worth of credit in each account. He then withdraws unsuspicious amounts from each. You'll need weeks (or months) to track this back, until then the money will have disappeared in some country where nobody will be able to tell you who the account owner is, or where it has gone.[/quote]This is the really scary one -- someone with inside knowledge of your systems gains the ability to really exploit them despite all the security measures and goes on to defraud you of large sums of money. If they don't just cause corruption or obviously invalid transactions like above, then it's probably an inside job, and a matter for police, just the same as if someone broke into your office and took off with $100,000 worth of equipment.

This last case though is a good reason why you might want to outsource ownership/maintenance over the payment part of such a system. e.g. I'm not sure how betable works, but if we assume that they're the custodians of A and B's bets, and they're responsible for paying out to A or B (and the leftovers to you), then this risk of being massively defrauded is shifted from you and onto betable... which is a pretty sweet deal.

I wonder how pokersites prevent [cheating] tho... I mean I've heard about the rare occurance that someone has hacked into the feed of what cards are coming out of the deck but it really is a rare occurance and I think by now that security issue has been sealed.

A good/fair virtual poker game won't allow the players to predict the deck, but they will allow you to confirm that you weren't cheated yourself.
* Server generates a random deck by shuffling the cards.
* Generate a hash from that deck / encrypt the deck with a too-long-to-crack key.
* Send the hash / encrypted deck to all players before the round.
* Play game
*** Server knows who's turn it is and what actions they can take. Listens for commands from that player. There's no room for players to break the rules, as the server controls the game.
*** When drawing cards, the server tells everyone that it has drawn a card (so they can reconstruct the game later), but only gives the card's face value to the player who needs to know about it.
* After the game, the server sends the initial deck / key to all players. They can compare the initial hash/encrypted deck with the later deck/key and also with the history of the game's events. Each player can now be sure that the server was playing fair and did all of it's random number generation (shuffling) before the game began.

If you want to cheat at online poker, there's two methods --
1) Figure out a key breaker for the pre-game deck sharing step. If you can reverse the hashed deck back into a real deck, you can predict the whole game. You'd probably use a rainbow table here, but I doubt it's really feasible. Plus, not every server carries out this step -- it's only the reputable servers who want to prove they're not cheating against you that do this.
2) Have more than one friendly player at the table. If you're at a table of 4 people, but you control 3 of those people, then the three of you can share information to help each other. This doesn't let you rob the house, but it gives you much better odds of winning a hand than the 4th player (or 2nd real player) has, letting you win their money. Online hosts combat this by randomly assigning players to tables, but in theory, if you wrote a bot that could act as millions of clients, it would have a good chance of meeting up with itself online.