Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever. The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address. All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.
We could easily add the "limit to one bitcoin address" thing, but there is a problem with the bitcoin message signature process that makes it difficult to implement (last time I checked the bitcoin message signature uses a different way of signing compared to transactions to make shorter signatures, but it's been an issue).
Add optional "withdraw to one address only".
Add 48 hour delay before changing the addresses, during which you'd get two emails, and see a giant warning when you log in.
This should really be an option.
In fact, a user should be able to specify their own time limit, in hours, that they want a withdrawal address change to be delayed. They might set it to 1 hour, or 5 days. A good default might be 48 hours.
The email should contain a link required to confirm the address change.
A person should be allowed to lock their account indefinitely in the event of it being compromised. A "Freeze my account - it may be compromised" link. Perhaps this could be a unique link existing in their original registration email (to prevent just anyone from locking other random people's accounts). This lock could be undone by the person verifying their identification with MtGox support.
The yubikey is good, but not everyone uses it or has one. Even with the yubikey, I am still afraid of a keylogger. The above security procedures would largely mitigate risk even against keyloggers and other malware.
