I haven't fully thought this through, so there are probably holes in it. I have a mental picture of what a lightweight wallet client for a smartphone might look like. For the sake of argument, let's say that this client has some way to not require a full time connection to stay in sync with the full block chain. That in itself is a substantial problem to solve, but I'll gloss over it because it's not central to the point I'll make in a moment. Let's further stipulate that this lightweight client has its own wallet in order to carry around a small amount of spending money. Most of the user's savings are in a separate wallet, probably secured back at home, and possibly implemented as we are discussing here.
It seems to me that barcodes such as QR codes would be a natural way to transfer numbers between two devices in person. If you and I both have these hypothetical smart phone apps, and I want to give some BTC to you, then you could display your receiving address as a QR code, I scan it with my phone's camera, and then my client initiates a new BTC transaction using whatever method it has to do that. I like the idea of exchanging addresses via barcodes better than NFC, bluetooth, wifi, etc. because it requires deliberate user action, and it is easy to see that it is going on. In contrast, an attack over Bluetooth could go on silently without the user's knowledge. There may be a potential shoulder surfing problem... Needs more thought. A vendor might display their receiving address on a poster or display, depending on whether they want to use a different address for each transaction.
So, if a standard is developed for using QR codes to communicate between mobile clients, then maybe the same mechanism could be used to interface with a dedicated wallet device? I do like the idea of a purpose-built device that handles a wallet and does nothing else. While an existing device like an off the shelf Android device could be reprogrammed to serve this purpose, I'd feel safer with a device that has no network connectivity at all (not even hardware that normally is not turned on), in order to reduce potential remote attack vectors. There may be some security flaw that lets the device get owned by showing it malicious barcodes, but it would be hard to invoke if the device has a physical cover over its camera and it is locked in a drawer or safe.