Now that bitcoins are worth stealing, virus writers and scammers are busy trying to steal them.
The current bitcoin software that you can download and run on your computer makes no attempt to keep your bitcoins safe from malware infecting your computer. None. Nada. Zip.
Your wallet.dat file is sitting right there on your hard disk, unencrypted. A big, juicy target for viruses and malware.
So why didn't we encrypt it up the wazoo and require that you type six passwords to unlock it? Well, two major reasons:
First, losing your wallet or forgetting your password is (arguably) as big a threat as theft. There is a reason every online service has some 'recover/reset lost password' feature.
Second, encryption might give users a false sense of security. If you use a weak password then encryption doesn't help; bad guys can steal the encrypted wallet and, in a few seconds, try decrypting it with the most popular passwords. And if your machine has malware running on it, then it can easily install a keylogger and get your password when you type it in.
Bitcoin could start playing whack-a-mole with the bad guys-- they implement dumb keyloggers, so we implement an on-screen keyboard and you use your mouse to enter your password. So they implement a screen+keyboard+mouse logger, we come up with some complicated one-time-password scheme involving you printing out pieces of private keys the first time you start bitcoin. So the bad guys wait until you send some coins, and then modify the transaction after you've typed in the information from the piece of paper.
If your computer is infected, then it cannot be trusted, and there is no software in the world that can keep your bitcoins safe if they are stored on it.
However... wallet encryption is planned for the next version of bitcoin. It won't protect you from viruses, but it will stop your cousin from walking up to your computer and helping himself to all of your bitcoins while you're out walking the dog. And if you use a strong password you won't have to worry about somebody stealing a backed-up copy of your wallet and spending all your coins. I just hope users DO use strong passwords and DO NOT lose them.
The real solution is multi-device confirmation of big bitcoin transactions. You'd send coins starting on your computer, but the transaction wouldn't be valid until it was signed by another device, which would somehow contact you (NOT through your computer) and ask you for your OK before sending it along. The guts of bitcoin supports that (and a whole lot more), but it will take a fair bit of work to make it all fool-proof and easy to use.