After reviewing the protocol, I can tell you that a completely offline wallet is entirely possible on the client implementation level, even for sending coins out from the wallet. Your online computer is used to track your balance and transactions, your COMPLETELY offline computer/wallet device is used to validate send requests via USB key. Perhaps if I have time after the summer after wrapping up some other projects, and if this hasn't been done by then, I will contribute to the client code to support this scenario.
Here is how it works:
Offline device: Generate wallet file with public/private keys. Put public key on USB key.
Online computer: Track my wallet balance with the public key.
Any computer: Send money to wallet with the public key.
Online computer: ooo, you have money! Look at your new awesome balance!
Online computer: Create "send money request" on a USB key that contains the amount and relevant blockchain(s) for the coins you want to send.
Offline device: plug in the USB key, compute the new updated blockchains using the private key.
Online computer: plug in USB key, propogate new blockchains across the network.
It would also be fairly easy to create a "secure wallet device" that has a fingerprint reader on it and a USB port, nothing else. The device stores your public and private keys, lets you export an encrypted copy to the USB key for backup purposes. You can store large amounts of money on it, keep it in a safety deposit box until you want to pull some money out. When you do, jump on your PC, fire up your client that is tracking the wallet from the public key and put in a USB key, hit the "send money" button, enter an amount. Plug into your secure wallet device, scan your finger, plug back into your PC and off go the new updated blockchains. Your private key never sees an internet connected device.