With the recent hackings I think that bitcoin does need a wallet.dat that is encrypted in the client and not something like file system encryption that truecrypt would bring.  The problem is that when you have the client open which you need to have to open to send bitcoins the wallet.dat is unencrypted to the Operating System during that time.  It would be better to encrypt the wallet.dat with a secure password and then only load the keys into memory at load time.  I know that if the system is comprised the attacker could probably read the memory also but this would make it more difficult then just creating a virus that copies wallet.dat to some other comprised system on the Internet.  The key should also be stored at different locations in memory to obscure the location of the keys on boot up.  Obviously the owner of the bitcoin should keep their password in a secure location and have multiple copies of the password and wallet.dat to avoid losing their bitcoins forever.

-Dukejer