IMHO, impossible-to-re-flash hardware is much more "security freakishness" than password-protected files...
Actually this solves (at least partially) the problem with wallet distribution. With an easy option for reflashing the device, a wallet distributor would modify the firmware and add some backdoor there quite easily... although the real attack would still be pretty difficult, as the user would also need to have a compromised machine which will misuse that modified token.
And why make hardware that is impossible to re-flash or read keys from if the whole wallet will likely be stored unencrypted on paper in the same physical building as the device? Somebody with physical access to the device will likely have physical access to the paper backup.
The digital wallet and the paper backup have different purposes. Having a paper backup is the easiest way of disaster recovery for *all* people. More skilled people can choose how they store the "paper backup": whether they just store it in an envelope in their safe, underline these words in their favourite book in their home library, put it into an encrypted file in Google Docs, memorize it or so. Actually, forcing people to do an electronic backup is a limitation for many people. Having the easy possibility to export the seed directly from the device and not over a (potentially hacked) computer is bulletproof and by far the simplest to understand for everybody.
Finally, if you don't consider encrypting the keys in the device, then you're not considering plausible deniability. Somebody willing to physically steal the device is much more likely to simply physically force the user to give him the money ($5 wrench attack). If you don't have multiple encrypted volumes, and you're not some sort of Rambo capable of counter-attack in meatspace, then you lose.
We're targeting common users, not the mafia.
I know. I just think it'd be nice if everybody could easily have the option of having the same level of safety and security as well, including people who don't know what the heck a "live distro" is.
As I said, displaying the seed on the device during the initialization is the easiest and most flexible solution. Do whatever you want and whatever fits your needs with it. Actually "paper backup" or "mnemonic seed" is considered the safest way of storing bitcoins, so I'm a bit surprised that you're trying to say that it's not safe enough :-).
Pardon my ignorance, but why does it need to be initialized on an unsecured machine?
This is a chicken-and-egg problem. If you already have a secure machine, why do you need to export an already encrypted backup to it? If this computer is not *so* secure, how can you put a passphrase over it?
PS: Please don't take what I say here as bashing criticism. Even if this device is not "physically safe/secure" at all, it would still be awesome as a protection against hackers, which are the real danger most bitcoin users face today.
At this date, there have been many successful hacker attacks (I personally lost 3100 BTC during that one), but not a single known issue of a $5 wrench attack against a bitcoin wallet owner. Let's solve real issues and not try to solve something that's not the real problem.
Again I respectfully disagree. Most young people at least would likely find it easier to store things on their Google accounts than to physically store paper in an organized and safe manner.
You cannot expect that other people are like you. No, young people don't back up more often than old people. I bet the exact opposite, from what I see around me.
Even small keyboards like those in some cellphones are that expensive? I'm really ignorant on this.
This goes completely against the initial idea, to have a simple, small and cheap device. And there's no major improvement in having a physical keyboard on the device. Using it for encrypting the initial backup won't justify it...