Thanks for your reply Jim - My thoughts exactly. Regarding Android clients (on topic), I was curious if an alternative approach to your (pending, proper) solution would be useful for Android wallet developers.
I may be implementing my simpler approach for the SatoshiRoller app (using cipher streams).
It would be only of limited use. Bitcoin Wallet updates the blockchain in the background, while the app is not "running". It would need to ask for a passphrase just for that.