Given the need for secrets in other contexts, like private keys in NIS+ and the server side of SSL, I am unsure that the desktop is the right place for this sort of functionality.
I would instead propose some form of kernel secret storage, which also has the advantage of being immune to things like ptrace(2). Given some mm work it might be possible to mark pages as sensitive and never allow user space any direct access to sensitive pages.
The user space API could be a special file system with more security features. Implementing an OO-style API in terms of such a file system should not be rocket science.
There is already an (expensive) version of this available now and it is called a hardware security module. At least one vendor supports Linux.