Encryption cannot protect wallets in use, because your legitimate client has to decrypt it anyway. Encryption is good for backups only.
Yep you're right. Even if the client encrypted the wallet when not in use it eventually has to decrypt it when you want to spend from it. AT that moment it is vulnerable to key logger attack and to any nasty viruses that could are residing in memory (waiting for the opportunity to strike). Someone on a different thread (forget which one) suggested that the client implement a unix style permissions system. Maybe also running the client in it's own chroot (something equivalent in windows) would be a good idea. But in the end it's still quite hard to avoid all avenues of attack. My point is that still the more security measures you can implement the lower the odds that some unclever hacker is easily able to steal your coins.
While it is true that at some point the data in the wallet needs to be decrypted in memory the level of security are orders of magnitude higher.
To start with it is much easier to copy a file with a known name and location from your file system than decrypting it, *only in the instant that it is needed which is only while signing a transaction" in an unknown memory location.
Then you have segmented memory protection which keeps memory segments isolated to the process that owns it.
Any existing Trojan or virus can easily be upgraded to copy the wallet.dat file from a know location and transfer it elsewhere, but copying decrypted keys from a memory location within thew time frame they exist is a none trivial task.
Wallet Encryption will add much more security if it is done right.
Yes, well said. These wallet thefts are plain trivial to code for a hacker so that's why they are happening.