How to protect private keys?

nix nixclusive0 at gmail.com
Fri Apr 13 11:06:35 CEST 2007


The private keys are encrypted even in exported form. Anyone who can grab your private key 
will need your passphrase to decrypt it. By default, GnuPG uses the cipher CAST5 to encrypt 
private keys. You can change that with the --s2k-* options. However, for a hacker, having
something to decrypt or maybe brute-force is much better than having nothing at all.
Keeping this in mind, try to keep your private keys private. For example, keep them on a portable
USB key or something similar.
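
To check which cipher and string-to-key (S2K) parameters actually protect an exported private key, the following added example (not part of the original post, and not GnuPG code) decodes the protection header of an OpenPGP secret-key packet as laid out in RFC 4880. It goes beyond the post by reading the hash, S2K type and iteration count as well as the cipher; the function names and the sample headers are constructed for illustration.

```python
# Added example: decode the protection header of an OpenPGP secret-key packet (RFC 4880, 3.7 and 5.5.3).
CIPHERS = {2: "3DES", 3: "CAST5", 4: "Blowfish", 7: "AES128",
           8: "AES192", 9: "AES256", 10: "Twofish"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}
S2K_MODES = {0: "simple", 1: "salted", 3: "iterated+salted"}


def decode_count(coded):
    """Expand the one-octet coded iteration count (RFC 4880, 3.7.1.3)."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def parse_protection(header):
    """Parse the octets that follow the public-key fields of a secret-key packet."""
    usage = header[0]
    if usage == 0:
        return {"encrypted": False, "warnings": ["secret key is not encrypted"]}
    if usage not in (254, 255):
        # Legacy form: the usage octet is itself the cipher ID, with no S2K specifier.
        return {"encrypted": True, "cipher": CIPHERS.get(usage, f"id {usage}"),
                "warnings": ["legacy protection without an S2K specifier"]}
    if len(header) < 4 or header[2] not in S2K_MODES:
        raise ValueError("truncated header or unsupported S2K type")
    cipher, mode, digest = header[1:4]
    need = {0: 4, 1: 12, 3: 13}[mode]  # specifier length depends on the S2K type
    if len(header) < need:
        raise ValueError("truncated S2K specifier")
    info = {"encrypted": True, "cipher": CIPHERS.get(cipher, f"id {cipher}"),
            "hash": HASHES.get(digest, f"id {digest}"), "mode": S2K_MODES[mode],
            "warnings": []}
    if mode == 3:
        info["count"] = decode_count(header[12])  # octets hashed per passphrase guess
    else:
        info["warnings"].append("no iteration: one hash per passphrase guess")
    if mode == 0:
        info["warnings"].append("no salt: precomputed guesses can be reused")
    if usage == 255:
        info["warnings"].append("16-bit checksum instead of SHA-1 integrity hash")
    return info


# Constructed sample headers (not taken from any real key).
SALT = bytes.fromhex("0102030405060708")
CAST5_KEY = bytes([254, 3, 3, 2]) + SALT + bytes([96])
AES256_KEY = bytes([254, 9, 3, 10]) + SALT + bytes([255])

if __name__ == "__main__":
    print(parse_protection(CAST5_KEY), parse_protection(AES256_KEY))
```

The iteration count is what sets the cost of each passphrase guess against a copied key file, so it is the field to look at alongside the cipher.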


