> There are two security items here. The first is that the secret RSA key not be revealed. The second is that the name attached to that key pair not be revealed.
I may be nitpicking here, but I have to argue. Although there is a relationship, security and privacy are not one and the same. You have named a security item, and a privacy item, not two security items. For privacy to exist, security may be necessary, but that doesn't make it a security item. For instance, I trust my roommate to respect my privacy. There's no lock on my bedroom door. He knocks before coming in if I'm in there. This is a privacy system based on trust, not on security. I'm not proposing this model for the net, don't worry! (That's Dorothy Denning's job. :-) I'm just pointing out that privacy can exist without security, given appropriate constraints. Similarly, security can exist without privacy: You can clearsign a message w/o encrypting it.
> This is really a huge hole. Since secret keys are presumed to be in the possession of only those who actually use the keys, possession of a secret key on the secring.pgp is tantamount to proof that you are that pseudonym.
I believe that the secring.pgp is secure, for most reasonable purposes. (You can debate this, but I'll just keep changing my definition of reasonable on you. So don't bother.) However, it is clearly not private. One could argue that the entire secring.pgp should be encrypted, and I might even agree with you. I'll have to think about it more.
> In short: everything about a secret key ring should be encrypted.
> A parallel (not as consequential): everything about a public key ring should be encrypted.
The former point is probably true. However, the latter point is ludicrous, IMHO. If it's a public key, why should it be encrypted? The whole purpose of a public key is that it can be widely published. Encrypting it sort of kills the idea. If the name<->key mapping on the public key is protected, it's useless for me to know that key ID B4B951 signed some message. I want to know who that person is, or at least, who they claim to be. You could claim that the keyring identified the people with whom I talk, but that is easily overcome by just keeping a few thousand people on your keyring. Then the signal is buried in the noise. Even if you don't want someone's public key visible on your own keyring, it's still reasonable for their key to be published in some "global" directory, in the clear.

Marc
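To make the "secure but not private" point about secring.pgp concrete (and the related point about what a keyring reveals about the name-to-key mapping), here is an added example that is not from this thread or from PGP itself: a small reader that walks an old-format, version-3 RSA keyring in the layout RFC 4880 documents for PGP 2.x keys and lists what anyone holding the file can read without the passphrase. The keyring bytes, the modulus, the timestamp and the user ID are all constructed for the demo.

```python
# Added example: which fields of a PGP 2.x style keyring are readable without a passphrase.
# Packet layout per RFC 4880 (old-format headers, version-3 RSA keys); all sample data is constructed.

def packet(tag, body):
    """Old-format packet header with a 1-byte length (bodies under 256 bytes)."""
    return bytes([0x80 | (tag << 2)]) + bytes([len(body)]) + body

def parse_packets(data):
    """Split a keyring into (tag, body) tuples; indeterminate lengths are not handled."""
    pos, out = 0, []
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80 or hdr & 0x40:
            raise ValueError("expected an old-format packet header")
        tag, nlen = (hdr >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}[hdr & 0x03]
        length = int.from_bytes(data[pos + 1:pos + 1 + nlen], "big")
        out.append((tag, data[pos + 1 + nlen:pos + 1 + nlen + length]))
        pos += 1 + nlen + length
    return out

def read_mpi(body, off):
    """Decode a multi-precision integer: 2-byte bit count, then big-endian magnitude."""
    nbytes = (int.from_bytes(body[off:off + 2], "big") + 7) // 8
    return int.from_bytes(body[off + 2:off + 2 + nbytes], "big"), off + 2 + nbytes

def cleartext_fields(keyring):
    """Key IDs, whether the private part is cipher-protected, and every user ID (V3 RSA only)."""
    seen = []
    for tag, body in parse_packets(keyring):
        if tag in (5, 6):  # 5 = secret-key packet, 6 = public-key packet
            if body[0] != 3:
                raise ValueError("only version-3 keys handled here")
            n, off = read_mpi(body, 8)    # version, time, validity, algorithm = 8 bytes
            _e, off = read_mpi(body, off)
            key_id = f"{n & 0xFFFFFFFFFFFFFFFF:016X}"  # V3 key ID = low 64 bits of the modulus
            protected = tag == 5 and body[off] != 0    # s2k usage octet: 0 means unencrypted
            seen.append(("key", key_id, protected))
        elif tag == 13:  # user ID packet: never encrypted, even on the secret ring
            seen.append(("user_id", body.decode("utf-8", "replace"), None))
    return seen

# Constructed sample secring: one cipher-protected V3 RSA key with a toy 64-bit modulus
TOY_N, TOY_E = 0x9A3C5F71D2B4B951, 65537
SECRET_BODY = (bytes([3]) + (0x2A4B0000).to_bytes(4, "big") + b"\x00\x00" + bytes([1])
               + (64).to_bytes(2, "big") + TOY_N.to_bytes(8, "big")
               + (17).to_bytes(2, "big") + TOY_E.to_bytes(3, "big")
               + bytes([1]) + bytes(8)      # s2k usage = cipher-protected, then an 8-byte IV
               + bytes(range(40)))          # stand-in for the encrypted d, p, q, u (not real ciphertext)
SAMPLE_SECRING = packet(5, SECRET_BODY) + packet(13, b"Alice Example <alice@example.invalid>")
```

Calling `cleartext_fields(SAMPLE_SECRING)` shows that the private exponent is protected while the key ID and the user ID are readable by anyone who copies the file, which is exactly the secure-but-not-private situation argued above.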