While I'm a complete n00b to BTC as of yesterday, I do know a thing or two about public/private key encryption.
backing up on physical media is of "NO USE"
[88bitcoins]: I'm assuming because if the same file is on your OS then it's not "protected" whether or not you have a physical backup elsewhere.
Correct. If the unencrypted "wallet" (read "key") exists in a vulnerable place, then it doesn't matter how securely you back it up. It's like keeping a copy of your house key under your mat but making a "secure" copy regularly. A burglar can simply check under your mat, regardless of how securely you keep the copies.
QUESTION: is there any circumstance in which making a physical backup would be beneficial? It's certainly easy enough.
I can think of two valid reasons for separate physical copies. The first is simply to guard against data corruption, drive destruction, etc. The second is to keep the "secure" file only on media other than your hard drive, created and saved in a "secure" operating system.
Keeping at least one backup is a good idea. Just remember that the *least* secure copy of your "wallet" (read "key") is effectively the only one that matters for security.
Encryption does not "protect [you] from all evil"
[88bitcoins]: I'm assuming because it can still be hacked and/or encryption doesn't protect from greater dangers such as your hard drive dying and the wallet cannot be retrieved, your laptop is stolen to be sold for $20 on the street.
Hard drive corruption/destuctions/loss is why it's good to keep a backup copy on another physical medium. Note that having your drive stolen with an unencrypted wallet means that wallet is forfeit, unless you happen to transfer all BTC out from that account to another using a backup copy before the "bad guys" get to it, first.
[QUESTION]: is encryption still recommended?
I can't speak much on local encryption, as I've never personally had anything worth the bother. But if you have a keylogger on your system, then encryption probably isn't worth crap once you type in your password.
So in order to (protect) your BTCs, you have to create a "new, untainted address, in conjunction with the wallet.dat that you deposit".
The point is that any "wallet" (read "key") that has ever existed in unencrypted form on your computer (which may have keyloggers, trojans, and the like - regardless of whatever your anti-malware software says) could potentially be compromised. The suggestion of using a bootable linux distro so that the "wallet" (read "key") file never touches your potentially tainted system is pretty good, if a little hardcore. But if I had 25k BTC, that's probably what I'd do.
QUESTION: (I may sound naive, but I have to ask) do I go into my bitcoin app, then create a new never been used address, then send what I have to this new address, i.e. to myself? THEN, back up both that new address and my wallet.dat file together? And additionally, each time I want to do a backup, create a fresh address?
As soon as you create a "wallet" (read "key") in your (potentially compromised) operating system, then your wallet is already potentially compromised. Remember: securing one copy doesn't secure all copies. Only if *every* single copy that has ever existed is secure can you consider the "wallet" (read "key") to be "secure".