Do I understand right that id_rsa is an equivalent of password.txt in that you have big broblems if someone gets it? In this case I really worry about its being stored in the open in some /users/AppData and not on some TrueCrypt drive that is not mounted by default.
This is why you protect it with a passphrase, which SSH asks you to do by default. Choose a good passphrase, it's encrypted on disk, and decrypted only as needed.
Seriously guys, you're not even trying. Here are the instructions everyone is freaking out about, they contain an explanation of this very issue.
