Paper Wallet
A paper wallet is exactly that – a piece of paper on which public and private keys are printed. It is important to understand that coins themselves are not physical things that need storage – stored in your wallet is the list of accounts for which you control and the private key needed to spend coins sent to those accounts. Paper wallets are hackable, despite claims from some, and are just as vulnerable as properly created encrypted wallets.
Most Secure Method
While it is easy to create a paper wallet, correctly securing it is rather tedious. A paper wallet is considered secure if you are not connected to the Internet when it is generated. When you are creating the paper wallet, any malware on your PC can read the private keys. If you disconnect from the internet, this will prevent the malware from sending back the private key instantly – but the malware will simply wait until you reconnect to the internet and send the private key. If you use a networked printer when you hit print your computer will send your wallet out over the network unencrypted to the printer, allowing anyone to listen in and steal it. Some printers also have a built-in memory that stores what is printed out, and even if you clear this memory it is possible to recover it in some cases with proper forensics tools.
If you successfully create a clean paper wallet, then your private keys are safe, because malware can’t “jump” from your PC onto your paper wallet. However, you are not safe from physical theft unless you encrypt your paper wallet.
Using a clean computer, a non-networked printer, an offline version of BitAddress, Ubuntu, and LiLi is required to securely create a paper wallet – directions can be found here.
Vulnerability
The risks involved when using a paper wallet exist during the creation and storage of the physical paper. If the paper is lost, stolen, gets wet, burns up, or damaged – you cannot recover the private keys. Also, paper wallets encourage address reuse which is a bad thing. If using paper wallets, a new wallet must be made everytime a transaction is made to maintain any kind of privacy at all. They should also be stored in a secure location, like a safe or safety deposit box.