So, in less than a few hours, I completed the password store component for Joomla. That's partially because I worked from a different component that had most of the options I needed, but partially also because I could easily use the Joomla infrastructure, which requires little in the wake of learning.
Of course, while it's a functional component, it's still not at 1.0. Hardcoded strings (they are in the original, too), incomplete removal of spurious options, you know, that stuff. So I'll continue cleaning up for a bit, then publish.
There is one item missing, which is the count of attempts by a user to his/her notes. I guess if the user logs in successfully, I don't have to worry about the lockout. What is more important is that the notes are encrypted using a passphrase that is not known to the server (unless the component is modified, that is).
Come to think of it, this is not a secure solution at all, but as close as I'd like to get to get there. Ultimately, someone that has access to the notes can figure out the passphrase by waiting for a user to enter it. But, you know, the deal is to enter the notes before that's all necessary.
Next step? Clean up, and then an import utility.