Dang. How about if when the bitcoin client boots up for the first time it gives you the option to print out a crypto pad. This is akin to a cheap form of two factor authentication. Each crypto pad is of course different.
The crypto pad will have to remain in memory so the bitcoin client can use it to decrypt the wallet. Again, the trojan can get the wallet from memory after decryption by the bitcoin client or it can get the crypto pad from memory and use it decrypt the wallet itself.
Similar strategies to defeat other two-factor authentication methods. If there's a malicious piece of software on the OS, you've already lost the war.
Spend the energy keeping trojans from getting in your base in the first place.