After the last wallet theft, there is a strong recommendation to protect wallet.dat from trojans.
I think one of the worst weaknesses of the current development of bitcoin is the mixing of client and server/daemon activities. AFAIK, the daemon does not need the file "wallet.dat" at all.
So, I propose to separate both programs definitively. "Bitcoind" should have its data (except "wallet.dat") in the ~/.bitcoind directory. And "bitcoin" should have its own, let's say, ~/.bitcoin directory with an encrypted "wallet.dat".
If the user has an active "bitcoind" daemon, "bitcoin" searches ~/.bitcoind for the data needed for the RPC connection to the daemon. Eventually, "bitcoin" can connect to a remote "bitcoind", and then the program should ask for the connection data, which eventually can also be hosted in ~/.bitcoin.