A setup that users might reasonably be expected to understand could be: one password to unlock the wallet (whole-file), and a second to spend money (ECDSA private keys).
However... It remains a PITA with the current bitcoin implementation to perform whole-file encryption on the wallet. db4 has whole-environment encryption, so that implies an encrypt-everything solution would encrypt the wallet, addr and blkindex databases.
One could encrypt the 'value' part of each db4 key/value pair, by modifying bitcoin's database Read() and Write() methods. But with the keys being plaintext, I'm not sure that's useful.
With the current implementation, you are locked into a lot of design decisions, where if you deviate you must rewrite a lot of code all over the codebase.
For that reason, I had hoped a patch would focus discussion on what is reasonable with the current codebase, rather than a perfect solution that will never see the light of day.
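What value-only encryption leaves readable, as an added example that is not part of the original post or of bitcoin's code. A dict stands in for the db4 table, the `type:identifier` key layout and the sample records are constructed, and an HMAC-SHA256 keystream stands in for a real cipher.

```python
import hashlib, hmac, os
from collections import Counter

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(key, db_key, nonce, ct):
    # The MAC covers the plaintext db key, so a value cannot be moved to another record.
    msg = len(db_key).to_bytes(4, "big") + db_key + nonce + ct
    return hmac.new(_sub(key, b"mac"), msg, hashlib.sha256).digest()

def seal(key, db_key, value):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(value, _stream(_sub(key, b"enc"), nonce, len(value))))
    return nonce + ct + _tag(key, db_key, nonce, ct)

def unseal(key, db_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, db_key, nonce, ct)):
        raise ValueError("record failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class ValueEncryptedStore:
    """Dict standing in for the db4 table; only the values are encrypted."""
    def __init__(self, key):
        self.key, self.rows = key, {}
    def write(self, db_key, value):
        self.rows[db_key] = seal(self.key, db_key, value)
    def read(self, db_key):
        return unseal(self.key, db_key, self.rows[db_key])

def observer_view(rows):
    """Record counts per type, readable from the file without the passphrase."""
    return Counter(k.split(b":", 1)[0].decode() for k in rows)

def demo():
    key = hashlib.pbkdf2_hmac("sha256", b"constructed passphrase", b"constructed salt", 100_000)
    store = ValueEncryptedStore(key)
    # Constructed records; the "type:identifier" key layout is an assumption.
    store.write(b"key:pubkey-A", b"private-key-A")
    store.write(b"key:pubkey-B", b"private-key-B")
    store.write(b"name:address-1", b"savings")
    store.write(b"tx:txid-1", b"serialized transaction")
    return store, observer_view(store.rows)
```

The values are unreadable and tamper-evident, but the record types, their counts and every identifier stored in a key remain visible in the file.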