Physical security is not a big issue for RSA (in the pgp implementation) because the secret key ring is itself encrypted. The problem is not so much physical-intrusion-to-get-the-key as it is physical intrusion aimed at modifying software.
To add my two cents, I once had some sensitive files solen from me. the cracker had modified the crypt command to record passwords and current directory (since crypt only works on stdin and stdout). In a matter of a few days they have my crypt password and enough infomation from my file to raise some real hell. Note that they did not bother with breaking the crypt or guessing the password they just rigged the system binaries. -Pete PS: this happend a year ago, and last month a copy of the files appeared on some systems owned by the Bay Area Air Quality Management District in SF (baaqmd). PPS: I *know* that crypt is insecure but I had tared/compressed it and des was not avalible on the systems I was working on.