Private keys are never held by the third party server side. Payments have to be approved by Green Address itself. A positive in some way as it provides the same restrictions as traditional banks on large transfers.
Green addresses was a proposed use of special trusted ECDSA keypairs that to indicate the origin of funds to a recipient. Assuming the recipient trusts the operator of the keypair to not attempt a double spend, the recipient may treat the funds as confirmed the moment they arrive. This proposal is generally considered a bad idea and not advisable to implement.