OK, it's a big old thread and I've not read it all, so apologies if this point has been made, and apologies if it reads like flamebait, because it's not...
...but I think this thread, whilst useful, is alarmist. Unfortunately, right now, if you don't already know how to build the 'clean-room' Linux environment (and why) described in the OP, you're probably likely to make a mistake following a procedure which will be unfamiliar, and end up with an at-risk wallet.dat. However if you *do*, then you probably already have done (if you have enough BTC to need one).
A complicated methodology that 80% of users follow incorrectly will either leave a false sense of security (if the user *thinks* he or she has correctly followed the instructions, but hasn't), or leave a false sense of heightened danger (that one's wallet.dat is at constant risk of theft unless you're a 1337 Linux h4x0r).
The most important point IMO here is that a copy of the file can be used by the bad guys for transactions at ANY TIME - even if you've put the wallet.dat on a CD, chucked it in your safe and burned the computer used to make it. If the file is stolen at any time, it can't be made secure again. Hence you've got two choices - either create the wallets in clean-room environments (as this guide attempts to), or accept that there are black-hats around *very occasionally* and spread your money around multiple wallets, made in different environments, none of which you cannot survive without if stolen. Better still, keep moving the money around and keep an eye on transactions made using your account.
I'd go with these points (out of deference to the C-literate CompSci grad, heh):
0. Each wallet.dat is only as secure as the least secure copy of it *ever* created and accessible;
1. You can't 'back up' to physical media without *properly* destroying the original file / other copies - you'll be reasonably OK if you use decent 'secure erase' tools to zap the original file (surely Windows can do this??) - just make sure it's not nicked before you 'back up';
2. Wallet.dat files are cheap. If you suspect ANY chance of compromise, create a new one in a clean environment (best efforts - go with what you know) and send your coins to the new wallet BEFORE the bad guys do. In fact, a regular rotation of files is probably good advice, as per standard advice to regularly change passwords / PINs / etc.;
3. Don't hold balances on wallets that you can't afford to lose. You are your own bank security with Bitcoin and you're not insured.
As to the Windows snarks - I'm a Mac hacker so you can add 'elitist' to 'snob' if we're playing OS pissing contests, but remember that 99% of financial institutions use Microsoft operating systems both on the client and certain server environments. Banks lose money all the time, from thefts or bad loans; it doesn't matter. Your money is only guaranteed to a certain minimum level, and if your bank's Windows network gets cracked, a load of money and goodwill is lost and the bank folds, you'd better hope that you've got under the guaranteed balance in that bank's account. It's all about risk management. With Bitcoin, you are your own bank, and your network security is actually probably better than many banks' - but the basic rule about account balances doesn't change. Don't hold more than you can afford to lose in *one* account - in the BTC world that probably means creating wallet.dat files in differing environments.
One n00b question - given the basis in public/private key pair cryptography, surely a new wallet.dat can be created *without* access to the Internet? If so, surely the most obvious 'easy secure' method isn't using bloody Linux (for the Windows-only n00bs), but instead a fresh install of your *most familiar* operating system on a machine NOT CONNECTED TO THE NET - not only familiar to the user, but how can it be less secure (short of hardware keyloggers, in which case you're SOL)?
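To illustrate the offline key-generation point raised in the last paragraph, here is an added example; it is not code from this thread, from the OP's guide, or from the Bitcoin client. It implements the textbook secp256k1 arithmetic that a Bitcoin keypair rests on using nothing but the Python standard library, so it runs with the network cable pulled. The function names (`scalar_mult`, `generate_keypair`, `public_key`) are mine; the curve constants P, N and G are the published secp256k1 parameters. It stops at the SEC-encoded public key: the Hash160/Base58 address encoding and the wallet.dat (Berkeley DB) file format are deliberately left out, and the double-and-add loop is not constant-time, so treat it as a demonstration of *why* no Internet access is needed rather than as a drop-in key generator.

```python
"""Offline secp256k1 keypair generation with no network and no third-party
library. Added illustration only; the arithmetic is the standard affine
double-and-add algorithm, not the Bitcoin client's own implementation."""
import secrets

# secp256k1 domain parameters (the curve Bitcoin uses): field prime, group
# order, and generator point G.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 (mod P); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(p1, p2):
    """Affine point addition on secp256k1; handles doubling and the infinity cases."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # Q + (-Q) = point at infinity
    if p1 == p2:                         # tangent slope for doubling
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:                                # chord slope for distinct points
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt=G):
    """Compute k*pt by double-and-add. Not constant-time: demo only."""
    result = None
    addend = pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_private_key():
    """A private key is an integer in [1, N-1], drawn from the OS CSPRNG.
    secrets.randbelow needs no network; it reads the kernel entropy pool."""
    while True:
        k = secrets.randbelow(N)
        if k != 0:
            return k


def public_key(priv, compressed=True):
    """SEC encoding of priv*G: 33 bytes (02/03 prefix) or 65 bytes (04 prefix)."""
    x, y = scalar_mult(priv)
    if compressed:
        return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def generate_keypair():
    """Return (private_key_int, compressed_public_key_bytes), computed entirely offline."""
    priv = generate_private_key()
    return priv, public_key(priv)


if __name__ == "__main__":
    priv, pub = generate_keypair()
    print("private key:", hex(priv))
    print("public key: ", pub.hex())
```

The two sanity checks worth running on any such implementation are the published test vectors (1*G must equal G, and 2*G is a widely printed constant) and the group-order identities N*G = infinity and (N-1)*G = -G; if those hold, the scalar multiplication is doing what it claims. Note that this only answers the "can the keys be made offline" half of the question: the *other* half, whether the machine you make them on is itself clean, is exactly the part a fresh install of a familiar OS with the cable unplugged is meant to address.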