It's not like this is a new concern.
The correct solution is to point people to an SPV implementation like MultiBit (note: NOT a hosted wallet). It's not being done by the official bitcoin.org site yet because there are still some issues with MultiBit that are fairly important and need to be addressed. Once that's done we can think about changing the default recommendation (which will be a fairly long and tiring debate).
If you care about this, go ahead and write patches for bitcoinj, as that's where most of the problems lie.
Blockchain.info's My Wallet is much safer, with 2-factor auth. The only way someone can steal your coin is if, while you are logged into blockchain.info, your computer gets taken over by someone else. Otherwise, there's no way you can lose your coins. (Well, I guess the only other way is the owner himself has gone rogue, unlikely.)
This.
It's also very easy to create a safe paper wallet with the Blockchain.info website when disconnected from the web. Then only redeem the private key when needed. No need to download the whole blockchain.
https://blockchain.info/wallet/paper-tutorial
The webpage needs to be updated, but you can ask the forum if you have a problem creating your offline paper wallet for safe storage.