Indeed, that's why I said "simple tampering" Password-protecting the thing simply would not be good enough, though it too is better than nothing...

The best approach of course would be for the OS to provide function calls for reading, writing and creating encrypted files, and then for every application themselves to use those functions for any sensitive data and use non-encrypted function calls for nonsensitive data. That's how a well-designed, security-oriented OS would do it. But modifying every single existing application to use such functions would simply not be feasible :/

EDIT: Perhaps we could still petition for atleast Firefox and other large F/OSS applications to move to such design. The function calls for reading, writing and creating encrypted files could be made a separate library and thus shareable between several projects, and hopefully eventually become an inseparable part of any general distribution.