Public key encryption with keyword search (PEKS) provides secure searchable data encryption in cloud storage. Users can outsource encrypted data and keywords to a cloud server, and search target one without disclosing sensitive information. To achieve resistance against off-line keyword guessing attacks, existing practical PEKS schemes employ independent key server(s) to assist users in producing keywords to be encrypted (called server-derived keywords) in an online manner. In this paper, we analyze server-aided PEKS schemes and reveal a potential threat: vulnerability against subversion attacks, where algorithms in server-aided PEKS might be maliciously implemented to undermine security. In a subverted encryption implementation, a subliminal channel is established to control randomness generation such that biased ciphertexts covertly leak plaintext information. We further present a specific subversion attack against generation of server-derived keywords to violate keywords' confidentiality. To address these issues, we propose SR-PEKS, a subversion-resistant PEKS scheme based on cryptographic reverse firewalls (CRF). In SR-PEKS, CRF sanitizes outputs of server-derived keyword generation to resist the presented subversion attack. CRF also participates in a collaborative randomness generation protocol to yield unbiased randomness for encryption, thereby eliminating the subliminal channel. Provable security and high efficiency of SR-PEKS are demonstrated by comprehensive analyses and performance evaluations.