I think the part she really got stuck on, the part where I couldn't give a good enough answer, was:

"Well if I have to enter my "password" to spend it, then somebody is gonna be able to see it, right?"

Of course, this perspective is coming from the way that we trust a centralized party, who stores our password, to log-in to an online account of some sort, where it is decently likely that the centralized party does indeed know, or have the ability to retrieve, one's password.