A yubikey or similar one-time-password (or even out-of-band authentication like an SMS code to your phone) only protects against rudimentary keylogging malware or phishing.  And it only protects the online account where you store bitcoins (clearly doesn't protect a locally stored wallet on your PC).

The problems with this for an online wallet include:
 - man-in-the-middle can get your OTP and password and take over your online wallet
 - man-in-the-browser malware can get your OTP and password and take over your online wallet
 - a hacker can still break into the online wallet service and steal/copy your coins (there are mitigations to this that online wallet services can and slowly are implementing)
 - bitcoin-specific malware can wait until you log into your online wallet and then do a session hijack to allow an attacker to basically become you and be logged in.

For protecting a local wallet, the bootable Linux approach (either on a USB stick or CD) is the most secure.  Store your wallet in an encrypted file partition on a flash drive (you could use a hardware encrypted drive like IronKey or MXI), and inside there, use TrueCrypt to double encrypt your filesystem which contains your wallet.  This is a highly secure approach using both physical crypto, software crypto and a clean OS that is reset every time (because you boot from a CD image).

Not sure how practical this is unless you have LOTs of bitcoins to protect!  And in that case, you should split them up into multiple wallets on different storage devices.