That makes no sense.
Why would you go to such drastic measures when you can encrypt your wallet with a passphrase using the bitcoin client?
Choose a decent passphrase and you're good to go.
Just please make sure your machine stays malware-free, ok?
Remember that if your main machine gets infected, a VM running inside it might not protect you.
A VM can be used with great success to contain a threat, not to keep a threat already present in the parent machine outside.
There is no gain in keeping the block chain on a volatile FS and re-downloading it all the time.
Keep the block chain on the persistent FS and limit your worries to the wallet file.
Also, why make the wallet file read-only??
The client will want to write changes to your wallet with every transaction you make and "read" is the only privilege the malware really needs.
If built-in AES encryption doesn't seem enough, you could always use TrueCrypt and mount your Serpent-Twofish-AES-encrypted wallet using the command line.
Alternatively, you could keep the wallet on a LUKS-encrypted volume. This way you can have multiple keys and revoke them if necessary.
Or, use the good-old gpg for securing the wallet further.
There are countless possibilities.