Especially if you are mainly looking for user data (Quicken data, credit cards, etc) anyway. This is where the next level of protection, sandboxing, will help somewhat. Some forms of phishing will never go away.
Quicken data has the option to be encrypted and that type of data should be encrypted. Most financial apps have the option.
Or, users can do it themselves using encrypted sparse bundle disk images via Disk Utility in OS X.
But, many users don't encrypt this data. So, why isn't this user data targeted more often by malware?
The malware developers sell the credit card info in bulk (bundle of 50) for on average 50 cents per set of credit card info. So, malware has to gather this info in high volumes to be profitable relative to the costs of producing the malware.
The malware developers also have overhead to their activities, such as bandwidth costs and time to data mine the collected data. Also, not all users have this type of software to target so the return on the time invested in development is lost due not all targets using the software. Bandwidth overhead and data mining time per target only becomes greater if the attacker discriminates less in the files that are collected.
The effectiveness of high volume simple phishing emails and other phishing scams makes the investment in malware that targets user data not cost effective.
Malware targeting user data files isn't even common in Windows. This type of malware is typically used to gather intellectual property from corporate or government targets.
When malware is used, credit card numbers are typically collected via auto mass malware that includes a keylogger or scrapes the data out of protected storage. This is because the data mining is done on the target machine with much smaller data files being sent to the attacker and the method will be productive on most infected targets because it doesn't rely on any specific software being present on the target computer.
Keyloggers that are able to collect protected data entry, such as masked passwords (online banking password) and masked text fields (credit card field in web forms), require system-level access to install.
Protected storage in OS X is actually protected given keychain entries include ACLs and non-default keychains can be protected even if the attacker achieves system-level access.
Protected storage in Windows doesn't include ACLs so any app can access the storage of other apps. Protected storage in Windows doesn't allow the extension of security provided by keychains in OS X either.
Sandboxing doesn't provide any protection from trojans. Sandboxing works against malware that uses exploitation rather than social engineering.
But, at this point, there is no known method by which OS X and/or Win7 will become like the "stark wasteland" that Windows (XP and older) has been.
Methods are known for both Windows 7 and Windows 8.
http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/
It is rare to see these methods used in malware in the wild targeting fully patched systems but it does occur.
