Reporters sometimes ask me how many bitcoins I own; I think they assume that I'm a bitcoin millionaire.
I don't feel comfortable telling the world exactly how many bitcoins I own (I don't feel comfortable saying how many dollars I have in the bank either), so I tell them I own thousands of bitcoins -- not tens or hundreds of thousands. At about $17 each, that means my bitcoins are worth a lot more than my computer, and I worry about them being lost or stolen.
Here's how I keep them safe:
First, I have an advantage because I'm a geek who keeps track of the latest security threats and knows the ways malware can worm its way onto my system. I keep my operating system and web browsing software up-to-date, never open email attachments I'm not expecting to get, and am very careful about what programs I allow to run on my computer.
Even so, I'm human so I expect that sooner or later I'll click the wrong link or view a YouTube video containing a zero-day Flash exploit and my desktop computer will be compromised.
So I keep most of my bitcoins on an old Mac laptop that I don't use for anything else. It is turned off most of the time; I only turn it on when I need to move some bitcoin from 'cold storage' because I will want to use them soon. I turn it on, let bitcoin run for a while to catch up with the block chain, and then send as many coins as I think I'll spend in the next week or so. I'll wait for the transaction to get a confirmation or three, then shut it back down.
I use a long, strong pass-phrase to log in, and my home directory is encrypted using OS X's built-in FileVault protection, so even if somebody manages to find out where I store that machine and steals it they won't be able to decrypt the wallet without the pass-phrase.
To make sure I don't lose the bitcoins if I lose the laptop, I also encrypt and back up the wallet "to the cloud" -- I use gpg to encrypt and Amazon's S3 for storage, but there are plenty of great file encryption and online backup services.
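One way to script the encrypt-then-upload backup described above, as an added example that is not the author's own procedure: it encrypts the wallet with a gpg passphrase and refuses to upload unless the ciphertext decrypts back to the identical file. It assumes GnuPG 2.1 or later and the AWS CLI; the function names, file paths and the bucket name `EXAMPLE-BUCKET` are placeholders.

```shell
# Added example (not from the original post). All names are assumptions.

# encrypt_and_verify WALLET PASSFILE OUT
# Symmetric-encrypts WALLET to OUT, then decrypts OUT and compares it
# byte-for-byte with WALLET. Returns 0 only if the round trip matches.
encrypt_and_verify() {
  local wallet=$1 passfile=$2 out=$3 home rc=1
  [ -s "$wallet" ] || return 1           # refuse a missing or empty wallet
  home=$(mktemp -d) || return 1          # throwaway GNUPGHOME, no keyring touched
  chmod 700 "$home"
  if GNUPGHOME=$home gpg --batch --yes --quiet --pinentry-mode loopback \
       --passphrase-file "$passfile" --symmetric --cipher-algo AES256 \
       --output "$out" "$wallet"; then
    # A backup that cannot be restored is worthless: prove it decrypts now.
    GNUPGHOME=$home gpg --batch --quiet --pinentry-mode loopback \
      --passphrase-file "$passfile" --decrypt "$out" 2>/dev/null \
      | cmp -s - "$wallet" && rc=0
  fi
  gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null
  rm -rf "$home"
  [ "$rc" -eq 0 ] || rm -f "$out"        # never leave an unverified backup around
  return "$rc"
}

# backup_wallet WALLET PASSFILE BUCKET
# Uploads only the verified ciphertext; the plaintext wallet never leaves the machine.
backup_wallet() {
  local wallet=$1 passfile=$2 bucket=$3 out
  out="$wallet.$(date +%Y%m%d).gpg"
  encrypt_and_verify "$wallet" "$passfile" "$out" || return 1
  aws s3 cp "$out" "s3://$bucket/" --sse AES256
}

# Usage (paths and bucket are placeholders):
#   backup_wallet ~/wallet.dat ~/.wallet-pass EXAMPLE-BUCKET
```

The passphrase file should live only on the cold-storage machine; the passphrase itself has to be remembered or stored separately, since the S3 copy is useless without it.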
All of this is much more complicated than it needs to be and is still vulnerable to "rubber-hose cryptanalysis"; bitcoin is still at the do-it-yourself bleeding-edge-technology stage. I expect there to be ultra-secure, low-cost, easy-to-use, "you don't have to trust us" services or devices for storing bitcoins within the next year or so, and when there are I'll switch, and I'll write a blog post encouraging you to switch.