@Vladimir, it's possible to have a savings wallet that has NEVER been online, but how do you securely SPEND from such a wallet?
Since you are willing to assume (modest) advances in software by the time you want to withdraw savings, I suggest:
1. Get a trustworthy live CD system with VAPORWARE A [1] that creates a Bitcoin key pair and displays its Bitcoin address without having to download the block chain.
1a. Alternatively, the system just needs an "openssl" program that supports "openssl ecparam -name secp256k1 -genkey" and "openssl ec -pubout", and you can do some base-58 math to get the address.
1b. Alternatively, for better security, learn to do cryptography on a pocket calculator, an abacus, by writing numbers in sand, or in your head, and dispense with computers in what follows.
2. Boot a trustworthy machine from the CD in a secure, non-networked location, and run Vaporware A to generate a key pair in PEM format (or a more compact form such as Sipa's).
2a. For added security, use a system without any writable media.
3. (Optional: requires remembering a pass phrase) encrypt the key pair with "gpg -c" or similar.
4. Copy the key pair and address from your terminal to a piece of paper. You'd better generate and copy a checksum of the key pair to make sure you get it right later.
4a. Alternatively, if you trust your printer, attach it and print out the key pair.
4b. Alternatively, you could print it as a QR code, if your vaporware supports this.
5. Shut down the live CD machine.
6. Send your BTC to the new address. Use some vaporware (a trusted block explorer) to make sure it arrives.
7. Go about your business until you want to spend the BTC.
8. Using Block Explorer or a similar tool, find the transaction out-point (transaction hash + output number) of each coin you want to spend.
9. Use VAPORWARE B to create a file containing the parts of the block chain needed to verify those transactions to your address. (This could be the entire chain or just the block headers, Merkle tree stubs, and the transactions in question as described in Satoshi's paper.)
10. Copy the verification data to media such as a thumb drive.
10a. Alternatively, for a little extra security, prepare for several long nights of typing it in (assuming it is just the headers and Merkle stubs).
11. Boot a trustworthy live CD with VAPORWARE C on your secure, non-networked machine.
12. Using the verification data and out-points as input, run Vaporware C to sign a transaction. This program will prompt for the key pair you generated in Step 2, as well as an amount and recipient address.
12a. If you worry about anonymity, you will have another secure key pair ready to receive the change.
13. Vaporware C displays a graph of network hash rate (or difficulty) over time. Make sure it looks about right and there are no big, unfamiliar dips. Cf.
http://bitcoin.sipa.be/speed-ever.png. This helps Vaporware C trust that the outputs obtained in Step 8 are in the amounts you think they are, so you do not accidentally give some lucky miner a huge transaction fee.
13a. If you don't care about this possibility, you don't need Vaporware B or the verification data from Steps 9-10.
13b. [Edit] I think, actually, the raw transactions and their hashes would suffice.
14. Copy the transaction signature to the thumb drive, paper, or similar.
15. Shut down the secure system.
16. Using VAPORWARE D on a regular, networked system, enter and upload the signed transaction to spend the coins.
17. Wait for the network to confirm the transaction.
18. Relax!
Note, you would want to test these procedures a few dozen times before entrusting your savings to them.
[1] Vaporware A, early alpha version:
https://github.com/jtobey/bitcoin/raw/importkey/contrib/genkey.py
