Comment: wallet.dat contains

(See in situ)

In reply to comment: the DAT file contains the key (see in situ)

wallet.dat contains

wallet.dat contains your private key, yes. (I'll be elaborating on this in the next part, so stay turned!)

Some desktop clients let you password-protect your key. The encryption strength depends entirely on the strength of your password. http://www.passwordmeter.com/ can give you a good indication of your password strength. Any score over 50% should take a sufficiently long enough time to guess that the hacker will move on to the moron whose password is 'password'.