Is there an ETA or roadmap for local client security?

[SlugFiller]

The way Chia is set up right now, it's nice for checking out the network, or doing some early-bird farming, but the risk of being hacked is far too large to put in serious money into it.

Let me list the most obvious:

• Keys stored unencrypted on the drive, with no option to set pincode or passphrase
• Due to the above reason, the chia keys show command has zero confirmations or protections.
• Likewise, the RPC certificate key is also stored unencrypted. This is used for GUI-daemon communication, and therefore includes everything from simple queries, to the send_transaction command, not to mention the get_private_key one. While allowing 3rd party software to access the client for dapp purposes could be useful, it should not be unfiltered no-user-interaction-required access. Besides, dapps usually have other options for wallet interaction (e.g. WalletConnect)
• While we're at it, the GUI is a wide-open window as well, given that there's no pin or password confirmation for any actions made inside of it, including "Create Transaction"
• Currently, there is no hardware wallet support that could be used to mitigate it, if one shells for a hardware wallet.

While I imagine the last one would eventually be offered, I don't think every last Chia user will purchase a hardware wallet. So this brings up the question: Is there a roadmap for closing the rest of these obvious attack vectors?