Both hot and cold wallets should be password protected and encrypted. The key storage file that is held on the online or offline device should be encrypted. The user is therefore protected against theft of the file (to the degree the password cannot be cracked). However, malware on the machine may still be able to gain access (e.g., a keystroke logger to capture the password).