You're right.
But if you want a more secure wallet use Armory.
But electrum is very good too.
i'm not sure why armory is more secure.. just because it uses a local blockchain client? running a local blockchain is kind of a hassle for me.
i think i will eschew saving the private key.. just the seed and .dat file should be good, i think. the more stuff i have laying around, the more the likelihood someone else will stumble upon it.
also, i'm wondering.. in order to steal my coins, you'd only need the private key? i thought the public key would also be required, but based on what i did with electrum.. it didn't work out that way. is the public key mathematically linked to the private key, just for the purpose of monitoring the wallet only?