4. Just log out every time you end using Bitcoinica. And don't use it on untrusted machines. You do this every time you're using your bank account online, right?
My bank account sites that I use time out after 15 mins and logout and money there is a lot harder to steal.
Mine too, but still, it's a GOOD PRACTICE to log out every time you finish working with any online financial service, especially when it's responsible for enough money that you care for it.
I understand that some people would like to see this. But if Bitcoinica were to implement OTPs for withdrawals, I'd like to see it as an optional feature.