it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.
It doesn't matter if a trojan find's out because there are no BTC on that private key. The user just has to make sure he doesn't reuse that private key.
simple attack method:
make a trojan, which replace the bitcoin client, with a fake one that send all payment to the attacker.
it breaks through: encryption, TAN, PIN, paper wallet, anything, as soon as you put it in the client yo are doomed.
if you are unaware of it, and you will be.
the only thing encryption is good for is protecting an wallet if it gets stolen, it does not
protect you from anything else.
if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.