But encrypting a wallet.dat creates 100 new keys in a keypool, so I'm not so sure it's a good plan to decrypt it for use, then encrypt it for storage. If you google things like encrypted wallets bitcointalk, you'll find people complaining about this. I could have sworn I read people dealing with wallets that had completely different addresses encrypted compared to decrypted.
I don't see how encrypting a wallet causes new keys to be created. Can you provide a reference to specific examples of this being discussed? I could not surface anything in google on this with the terms you suggested above.
Also, if you're going to use a wallet.dat for offline use, a wallet.dat from bitcoin-qt isn't a deterministic wallet, so once 100 addresses are used up, and they will be due to change, the offline won't be keeping up with the keys getting created online, or something like that. It's quite complicated, I still don't understand it myself.
Well, you should backup wallet.dat more frequently if you are using it for a lot of payments and therefore receiving a lot of change, which forces new keys to be generated as you burn through the first 100.
This is not an issue though if you are only using the wallet primarily for cold storage.