I face a dilemma here. How do I get the bitcoin client into a non-internet-connected machine? This is assuming that you can never 100% trust the computer you're using to download the client. Along each step in the process of securing your bitcoins there is a small but ever so slightly possible risk. Heck, the client itself could be compromised. A hacker could break into the SourceForge servers and cleverly attach a payload into the official client. Guess how many people would not notice until it was too late.
I think the safest and most paranoid idea I've heard so far is to physically print your private keys. I am even tempted to print them on a freaking gold plate!
Are you serious? Maybe use some kind of file storage device to move Bitcoin onto the computer's hard drive? Or you could download it and then turn off the internet forever.
Printing keys would make them as insecure as cash. It's close to the worst idea.
That's what I eventually will do - use a brand new USB stick on a machine that I feel reasonably sure is clean - maybe even from within a VMware image running on that clean machine.
Funny you should say, 'cause a lot of people are saying that physically printing the keys and storing them in a safe is a super secure method of protecting your balance. I worry about what happens if someone steals or breaks into the safe. I'd think an encrypted USB stick would be better - unless the encryption can be broken via brute force.