I understood this. What I mean is that if you store your private key exclusively on paper, storing it with 2-of-3 secret sharing still leaves a vulnerability when the shares are imported and combined (mitigated by combining in an offline clean computer, but still). If you have a 2-of-3 multisig address, and store the keys for that on 3 distinct pieces of paper, you get more security.
@Meni,
I think you're getting stuck on the idea that I have in some way proposed this idea as a replacement for multi-sig wallets. This is not intended to replace multi-sig. I'm not comparing it to multi-sig. It's nothing to do with multi-sig, at all. 0% related. It's simply an alternative for backing up your regular single-sig wallet. Your single-sig paper-backup has all the security risks you describe, but it's still an important use-case that many users (and maybe even organizations) will use even when multi-sig is available.
Multi-sig is completely unrelated to this, and is still my number one goal for the new wallets. Though, I guess you could technically create a 2-of-3 multi-sig wallet between multiple devices or parties, and each party could back up their own wallet using a M-of-N split-backup... sounds complicated. In fact, I might try to discourage fragmenting multi-sig-wallet backups because of it being complicated (but there's no reason it couldn't still be done)...
Alan, I'm not sure why you keep misunderstanding my comment, despite my effort to clarify it. Actually, I think my mistake is that I didn't notice we're in the Armory subforum, and my comments were more general.
From the OP:
I've been playing around a lot with Armory as an offline wallet, and the one thing that would make me sleep better would be a 2-of-3 series of paper wallets.
To sleep better, the OP wants to have 3 pieces of paper where any 2 of them are needed to access his funds.
One way for this arrangement is to have a single-sig address where the private key is split into 2-of-3 secret-sharing pieces, and printing each piece on a different piece of paper.
A second way for this arrangement is to have a 2-of-3 multisig address, and print each of the associated private keys on a different piece of paper.
As you said, the first method is now available in Armory. That has its use cases (and is what the OP had in mind) and as I said, it's cool.
The second method is not yet supported by Armory or the larger Bitcoin ecosystem. It is a more secure way to use 3 pieces of paper than the first method, and because of this, it will be even cooler when this method is available. That's all I'm saying.
Of course there are many more use cases for multisig and all sorts of crazy combinations you can do. I am not implying one feature is supposed to be at the expense of the other. But using a 2-of-3 address for long-term bitcoin savings is the most important use case for multisig IMO, and I'm looking forward to its availability.