I always switch to Linux and use a TrueCrypt file container for my wallet - version left at 7.1a before all the "is not secure" stuff, plus the bitcoin-qt wallet encryption password. I know there are more robust solutions out there but I have a small BTC balance and I rarely transact. If someone is determined I'm sure they could get at it but I can't be bothered to take the paper/full cold wallet route just yet. I'm a programmer and the fact that I can't be bothered running through some of the hoops is saying something about the viability of public uptake of bitcoin. The sooner an all-in-one security and blockchain setup comes along which makes it simple for non-technical people, the better.

Re: Tor - To be honest - even though I love the Tor Project (ran relays on an Amazon instance for a while) - I'm not doing anything illegal or noteworthy in my country that makes me think I should be using it. I've transferred from my local bank accounts to a couple of exchanges already so it would be trivial for whomever to figure out I'm in the bitcoin space regardless.