Sigh, so I'll repeat myself: encryption won't do shit, since the file has to be stored decrypted in RAM in order to be actively used. So only a sterile system will guarantee safe interactions with your client.
+1
After my rig pays off, buying a small crappy netbook just for the client, plus wallet stored in other locations too.