[lowry]

I prefer using git-encrypt https://github.com/shadowhand/git-encrypt

The concept is a bit different. The remote repository is always encrypted and the local is always not.

[michaelmior]

So anything that can read your disk has access to all your passwords?

[reitanqild]

There is always access control (rogue users) and disk encryption (offline attack).

Personally I tend to think that once you have malware running then you are basically owned.

[zzalpha]

Yes, so you should definitely do something that makes it infinitely easier to steal your passwords once you're compromised... why go through the trouble of installing a keylogger or other malware when they can just copy the contents of your home directory!

Edit: In case folks miss the point: just because security is hard, doesn't mean you should just throw up your hands. By this very same logic, why bother with passwords on your workstation? Or filesystem permissions?

Heck, if bitcoin wallet hacks have taught us anything, it's that good quality, local encryption is critical specifically because a remote attacker could take over your machine. Why make their job easier?