The reason I didn’t use protocol buffers or Boost serialization is that they looked too complex to make absolutely airtight and secure. Their code is too large to read and be sure that there’s no way to form an input that would do something unexpected.
I hate to sound rude, but that sounds like the danger with the SCRIPT field in transactions. You’re comfortable writing a whole evaluation language letting the blocks suggest operations to the client, but you’re not comfortable using a library like protocol buffers?
Would you consider including an option to write the wallet file out in protocol buffer format instead of the custom format? That way the default can be the custom format which you trust more, and users can export their wallet to protobuf format if they want to move to a new client.
— martin
Why not use XML for that case? The size of the wallet file on disk isn’t exactly a big concern when it comes to export, and XML compresses pretty well. Plus, it’s completely human-readable - it would help people to understand what is actually stored.