Possibly another option is to have the wallet encrypted with a very strong password, burn the wallet to a CD and then move it to another cleanly installed machine/Ubuntu USB flash drive. From that second machine you would never sign a tx or message. View only. The decryption key would never be released into memory.

I prefer the reference client to other implementations. Offline tx would be nice.

You could spend your coins offline the hard way - disconnect that second instance from the Internet (never to be connected again), sign a tx, burn the wallet to CD and copy it to a third clean instance. Once the third instance has the full blockchain it will broadcast the tx.