Yeah, I'm with you, it's something I'd like to hear about too. I suspect there's probably only a limited set of cases where it would come into play, but they are interesting cases and worth discussing.
I suppose the way you could tackle it is that every time a user "registers", the app creates a separate Gears database for them, with the password stored in it in an encrypted form. This is in no way, shape or form 100% secure, but it's probably good enough for many situations. That way, the data is segregated and should, to a first approximation, be somewhat safe from others. Of course, you can just hack the SQLLite database files, but like I said, to a first approximation that might be an acceptable risk.
I think I remember seeing Dojo including some encryption support on top of Gears, but I'm not sure the status of that or how robust it is, or how far along it is, that could be another good, helpful piece of the puzzle.