Since currently the wallet is not encrypted, if someone steals a computer or if a hacker gets access to a machine, they can copy the wallet, then spend the wallet immediately. Encrypting the wallet is a step in the right direction, and it gives you protection against theft of the computer and a hacker who only has intermittent access to the computer. However, even that is not enough because if a hacker gets continuous read access to your computer they can wait until you decrypt your wallet to run bitcoin and copy the wallet at that moment.
In my opinion, having bitcoin read and write to an encrypted wallet is the single biggest improvement that could be made at this time. Even reading and writing to an encrypted wallet would not stop a hacker who has continuous read access and a keylogger; however, it would protect from theft and from a hacker who only has file read access.
Security is always about building several perimeters of defense. Of course the encryption of wallet.dat does not solve all problems, but it does add one level of difficulty for the attacker. People do not usually create passwordless GPG keys; why would one do differently when currency is involved? Also, having separate encryption keys for different accounts in your wallet would be another way to even further complicate an attacker's job. The bitcoin client definitely needs some of these features badly.
As for the main post, I vote #1 and #2 to start with.