as soon as you import a private key into a client. treat it as dynamite. very risky
spend the coins you want. but then make a new paper wallet and send the coins in the client to the new paper wallet.
dispose of the old, empty and used key.
don't hold onto your used private key as its hot.. not cold.
anything that has ever touched a client is not considered cold.
Ok so tell me if I understand the "change" issue correctly:
Let's say I have 100btc in a cold wallet, and I want to take 25btc out of my "savings".
If I were naive, I might import the key into some client, send 25btc to my "spending" wallet address. Then I mistakenly think that the remaining 75 bitcoins are still in my cold wallet, when in fact they have been sent to an entirely new change address. The key for this change address is in the wallet of the client I just used.
Then if I think that all I need is my paper copy of the cold wallet, I delete the client's wallet (to destroy extra copies of the cold wallet key) and thereby destroy 75btc.
Do I have that right?