My "working wallet" is GreenAddress.it. I keep less than 2BTC there - enough to buy something substantial if a deal arises, or to sell some Bitcoin face-to-face to someone who is interested in getting involved.

All of my savings are in long-term cold storage. I have custom 3d printed objects with my protected public and private keys and corresponding QR codes. Those are BIP 32 HD wallets, so I never deposit to the same address. The physical keys are BIP 38, so you'd need both the root private key and the passphrase to matter.

Finally, I may or may not have multiple passphrases used for the same private key. If the time ever came where I was forced to reveal my passphrase, an attacker could not be sure that he'd gotten all or even most of my reserves.