If you run your mail reader on the remote machine, your email has to exist in decrypted form on the remote machine while you compose it or read it. Is it safe to ever have your mail decrypted on the remote machine? If not, you need to run your mail client locally anyway.
If you feel like that is safe, then I guess you have to think about what else the key is for. Besides reading your mail, an evil person with root access on the remote machine could sign messages as you, and generally use your key for whatever else you might use it for. Are you worried about that kind of thing?
I guess it depends on how much you trust the remote machine. Maybe it's possible to use SSH tunnels to keep all computations requiring your private key on your computer, sending the results to the remote machine? For example, if you want to sign something with your private key, the remote machine will compute the hash of what you want to sign, and send it to your local machine. Your local machine will compute the signature using your private key and send it back to the remote machine. The only problem with that is you need a way to make sure your tunnels are secure.
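As an added example (not code from this thread or any of the tools mentioned in it), the following Go program models the split the post describes: the remote machine holds the message and the public key and computes the hash, the local machine holds the private key and signs the hash, and the signature travels back. Ed25519 with a SHA-256 digest stands in for whatever algorithm the real key uses, and the `sign` function field stands in for the tunnel itself (in practice a forwarded agent socket); both are assumptions of this example. The `approve` hook is there because, as an earlier post points out, root on the remote machine can still ask for signatures on anything it likes: a local signer that confirms each request is the mitigation for that, and the example shows a refusal propagating back as an error.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// LocalSigner models the trusted local machine. It is the only place the
// private key exists; nothing it exposes returns key material.
type LocalSigner struct {
	priv    ed25519.PrivateKey
	approve func(digest [32]byte) bool // per-request confirmation hook (nil = auto-approve)
}

// NewLocalSigner generates a fresh Ed25519 key pair (a constructed stand-in
// for a real GPG key) and returns the signer plus the public key that the
// remote side is allowed to hold.
func NewLocalSigner(approve func([32]byte) bool) (*LocalSigner, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &LocalSigner{priv: priv, approve: approve}, pub, nil
}

// SignDigest is the single operation offered over the tunnel. The remote side
// hands over a digest, never a passphrase or key, and the local side can
// refuse, which is the check against a remote root that asks for signatures
// on things you never wrote.
func (l *LocalSigner) SignDigest(digest [32]byte) ([]byte, error) {
	if l.approve != nil && !l.approve(digest) {
		return nil, errors.New("local signer refused the request")
	}
	return ed25519.Sign(l.priv, digest[:]), nil
}

// RemoteHost models the untrusted remote machine: it holds the message text
// and the public key, and reaches the local signer only through `sign`,
// which stands in for an SSH-forwarded agent socket (assumption).
type RemoteHost struct {
	pub  ed25519.PublicKey
	sign func([32]byte) ([]byte, error)
}

// SignMessage hashes the message remotely, sends only the digest through the
// tunnel, and verifies what comes back before trusting it, so a tampered
// tunnel cannot hand back a signature that later fails for recipients.
func (r *RemoteHost) SignMessage(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	sig, err := r.sign(digest)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(r.pub, digest[:], sig) {
		return nil, errors.New("signature from tunnel does not verify")
	}
	return sig, nil
}

// VerifyMessage is what any recipient runs: recompute the digest and check
// the signature against the public key.
func VerifyMessage(pub ed25519.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ed25519.Verify(pub, digest[:], sig)
}

func main() {
	local, pub, err := NewLocalSigner(nil)
	if err != nil {
		panic(err)
	}
	remote := &RemoteHost{pub: pub, sign: local.SignDigest}
	msg := []byte("constructed sample mail body") // constructed sample input
	sig, err := remote.SignMessage(msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("signature verifies: %v\n", VerifyMessage(pub, msg, sig))
	fmt.Printf("tampered copy verifies: %v\n", VerifyMessage(pub, []byte("tampered"), sig))
}
```

Note what the remote side never sees: the private key, and the passphrase that protects it. What it does control is the bytes that get hashed, so the local confirmation step is the only thing standing between a compromised remote and a signature on arbitrary content; the transport securing the tunnel protects the digest and signature in transit, not the choice of what gets signed.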
I was actually thinking of something just like that the other day, for passing secure data around for RPC en/decryption. It seems like something that would have been done already, if it were a good idea. So, do you know of anything to do just that?
Have a look at factotum, it's a sort of general-purpose ssh-agent tool. It's developed for Plan 9, but we could probably move it over to *nix, maybe graft it on PAM and teach it to speak gpg-agent along with ssh-agent (which it already knows).
then you've already demonstrated that you trust the remote machine enough to type your passphrase into it (and probably into a gpg that someone else provided!), so leaving the key there will probably be fine.
If you're also considering "do all of my gpg things on a local machine I trust", then you might sleep better not having the key on the remote machine regardless of real risk.
You might also like to have an ok key and a really-well-trusted key, and keep the really well trusted key to yourself.
Of course, no matter what, you want to store the revocation certificates for all of those keys somewhere else entirely.
Personally, I leave my personal keys where they're convenient (work keys stay on work systems only), and keep revocation certificates on a CD at work and at home.
I don't trust administration of the UA machines at the UW, or the cac machines I use. I share root on enough boxes (no UA ones though) to know how vulnerable my password and sessions are.
My solution when I was still using a Linux laptop was to run pine locally with pgppine (or was it actually gpgpine) against the UW imaps servers. You'll probably need pine compiled with the GSSAPI and the SSL/TLS options.