Hi Nym,
It is veering off topic but to answer your post...
Encrypting the whole wallet would certainly work - you could use the org.multibit.crypto.EncrypterDecrypterAESScrypt to do it.
The disadvantage is that you would not be able to do the 'routine' things like adding new transactions as they come from the network without the passphrase (as everything is encrypted). I've gone with the approach of just encrypting the private keys - same as bitcoind - so that you just need the passphrase for sends and key management.
You could combine the two approaches - for instance the blockchain.info double encrypted backups have the private keys encrypted with AES and then the whole JSON structure is encrypted with another password to make it opaque.
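
The keys-only layout and the combined backup approach described in the post above, as an added example that is not part of the original post and is not MultiBit, bitcoind or blockchain.info code. The wallet structure, function names, scrypt parameters and the choice of AES-256-GCM are assumptions made for illustration, using Node.js's built-in crypto module.

```javascript
// Added example: keys-only wallet encryption plus an opaque outer backup layer.
// AES-256-GCM and the scrypt parameters are this example's assumptions.
const crypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto'); // CJS or ESM
const SCRYPT = { N: 16384, r: 8, p: 1 };

// Encrypt bytes under a passphrase: scrypt derives the key, AES-256-GCM seals.
function seal(passphrase, plaintext) {
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(passphrase, salt, 32, SCRYPT);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { salt: salt.toString('hex'), iv: iv.toString('hex'),
           tag: c.getAuthTag().toString('hex'), ct: ct.toString('hex') };
}

// Decrypt; throws if the passphrase is wrong or the data was modified.
function unseal(passphrase, box) {
  const key = crypto.scryptSync(passphrase, Buffer.from(box.salt, 'hex'), 32, SCRYPT);
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(box.iv, 'hex'));
  d.setAuthTag(Buffer.from(box.tag, 'hex'));
  return Buffer.concat([d.update(Buffer.from(box.ct, 'hex')), d.final()]);
}

// Keys-only layout: addresses and transactions stay readable, keys are sealed.
function newWallet(passphrase, keys) {
  const sealKey = k => ({ address: k.address,
                          encryptedKey: seal(passphrase, Buffer.from(k.priv, 'hex')) });
  return { transactions: [], keys: keys.map(sealKey) };
}

// Routine update from the network: no passphrase involved.
function addTransaction(wallet, tx) { wallet.transactions.push(tx); }

// Sending needs the private key, so it needs the passphrase.
function privateKeyFor(wallet, address, passphrase) {
  const entry = wallet.keys.find(k => k.address === address);
  return unseal(passphrase, entry.encryptedKey).toString('hex');
}

// Combined approach: seal the whole JSON under a second password for backup.
const exportBackup = (wallet, pw) => seal(pw, Buffer.from(JSON.stringify(wallet)));
const importBackup = (blob, pw) => JSON.parse(unseal(pw, blob).toString());

// Demo with constructed values (not real keys or addresses).
const demo = newWallet('wallet passphrase', [{ address: 'addr-constructed', priv: '11'.repeat(32) }]);
addTransaction(demo, { txid: 'tx-constructed' });
console.log(demo.transactions.length, Object.keys(exportBackup(demo, 'backup password')));
```

The backup blob exposes only salt, IV, tag and ciphertext, while the working wallet still shows addresses and transactions in the clear.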