It is impossible to fully secure modern computers because they are too complex to fully understand (top-to-bottom) yet are not formally proven correct at each abstraction layer. In fact, since at least 1996, the trend has been to hide implementation details from the end-user. I personally think that the computer industry won't be mature enough to sustain a stable crypto-currency for another 150 years.
There are two competing security concerns when talking about the wallet.dat:
- Security from attackers who want to spend your wallet
- Security from data destruction
Encrypting the wallet.dat by default will help protect against the first security concern, while making the second one worse.
I plan on using full drive encryption, as well as an encrypted back-up. The passphrase would be written down in two locations. The back-up would be stored in a safety-deposit box and never move with the decryption key, though I may store it with the decryption key (in the safety deposit box).
BTW: for secure encryption, the term is
passphrase, not
password. Passwords are simply not long enough. A passwords made up of random ASCII numbers, letters, and symbols has about 6 bits of entropy per character. I have seen it reported that a 12 character password is "enough." That works out to about 72 bits of entropy. 64 bits of entropy can likely be cracked by a fast computer within a year. 72 bits increases the difficulty by a factor of 256. 128bits is believed to be computationally infeasible to even count during the lifetime of the universe (energy constraints). If your password was ever published at any time during human history, the entropy is probably less than 64 bits (I don't think more than 1.84x10^19 words/phrases have ever been published, even on the Internet).
