Well. Thought for sure it couldn't happen to me, but just had all of NXT stolen out of my account. Yey..
Complete NIGHTMARE!

It's a nightmare I have often.
I am terrified of keystroke loggers. The more widespread NXT becomes, the more keystroke loggers are going to be deployed to steal it. That's a fact.
I am only running my main NXT account on an old XP laptop that I sanitized by doing a zero-bit overwrite of the hard drive and reinstalling the OS from a Dell reinstall disk, followed by the minimal add-ons like Java etc. being brought over on a CD instead of via online downloads. This laptop is now used for NXT and that's it. I'm working on creating a second identical sanitized laptop as a backup. I have a hidden and uncommented local handwritten copy of my random password generated offline on the laptop using Awesome Password Generator 1.4 from Google (you know, the guys that are secretly partnered with the NSA) and another handwritten copy in my bank vault safe deposit box.
I still worry.
I understand that the user space is unimaginably huge at something like (I think I remember seeing) 10^70 - but still. One lucky hit by somebody else miskeying their own password under the current scheme, and it's all over for you. That's a fact, too, mitigated only by just how much luck the thief would need to have. I've got a degree in math and I understand probability and it still doesn't do much to calm the reptilian fear in my brain.
Is there a separate white paper PDF someplace that goes over in detail from scratch / first principles the entire NXT security scheme and just the security scheme? If not, there needs to be. We are going to have to point specifically to that information over and over and over as more and more people come to risk larger and larger sums that the security scheme is adequate - particularly when single colored coins are made that could be worth millions of regular NXT.
So, bottom line, I think we need a security whitepaper PDF and a link to it.