Interesting question! I also wondered how much more security you gain by creating a second user.
I also tried out FileVault which can be choosen when the new user is created. Does that help in any way?

How secure is that?

If you're running both useres with quick change and you are loged in as the second user (where you install your savings wallet) is said user threatend by the other user's (everyday account) vulnerablity ?

Thanks for the assessment! IOW: it simply isn't safe!

Here's the problem with encrypted drives, that people seem to gloss over when coming up with these strategies (FileVault is no exception, if the drive is mounted, the data on the drive is accessible):

The Bitcoin GUI needs to be able to read the wallet.dat file in an unencrypted form.
In order to USE the wallet.dat with the GUI, you have to mount the drive (at which point it is UNENCRYPTED to your user space, i.e. ANY applications you run as you can access the wallet.dat unencrypted).
If the drive is mounted, and you allow something to run as you, it can be easily stolen and having it stored on an encrypted drive is useless.

Encryption, by itself, is not a solution.

Should you encrypt it?  Sure, I store my wallet.dat in an encrypted volume on my Dropbox.  However, that only protects it from someone getting into my Dropbox and stealing it.  It doesn't protect it from me getting a trojan, spyware, etc. on my local computer while I have the drive mounted.

If someone gets access to your machine as root, they can wait for you to login to the secure account next time and easily copy the wallet file.

If someone gets access to your machine as root

what exactly does this mean?

Well I was also corrected by Rob. P who points out that the Bitcoin client can only ever interact with an unencrypted wallet.dat
I think it's quite secure as a means of storage - pretty much requiring physical access or a brilliant Mac Trojan. But I don't know much!

It's UNIX terminology - basically meaning that you have access to everything.

Thank you all for the comments.

I'll create another wallet with a fresh linux install on another machine, deleting it from the hard drive and storing it on usb's.  I'll make a long-term savings deposit here and check it on the block chain explorer.  PITA, but from what I'm hearing in this thread it's not avoidable for true security.

I'll keep my everyday wallet unencrypted and accessible in my everyday user, and my smallish savings wallet under my 2nd user.  That will give me 3 convenience levels, 3 security levels.  I'll divide the balance between them and the exchanges and mybitcoin.com as my risk tolerance and laziness dictates.

+1
I think this is a pretty good start for Mac users. There are extra points for simplicity as there are new risks with complexity as dealing with manual encrypt/decrypt of wallets etc on linux or other unknown environment. When you are not logged in to this special user, OS X TimeMachine will back it up as well, in the encrypted form. (in addition to your unencrypted USB drive you should keep in your safe deposit)

Extra note would be to never log in as this user when you have a WiFi connection to internet. Do it at home via cable and behind a decent firewall. Note that you can have a "smaller" wallet in your normal user account.

I would say "just create an encrypted disk image" is not as safe as having a different user and cold start into the safe user to transfer coins out of your savings wallet. Staying logged into your ordinary user invites any active processes (sniffer and keyloggers) to access the mounted drive, and also makes it harder to have two wallets.