I think the observation about Target vs Bitcoin exchanges is a sharp one, but I'm not sure how your proposal helps. You say it's an optional identity layer, but obviously any thief is going to opt out of being identified.

For things like the Bitstamp hack, it's not clear how identity can help, because they were already doing KYC for all their customers. To take that further at the protocol level would require all transactions to have attached identity info, and that isn't going to happen - it wouldn't be Bitcoin, at that point.

I think that long term, it's probably possible to defend private keys adequately, even for large sums of money (maybe not bitstamp-large but we'll see). You can have very minimalist secure hardware that would have some additional policies on top, like refusing to sign transactions without an identity proof of who controls the target address. Very tight hot wallets that risk analyse the instructions they're receiving have been proposed years ago. 

No such hardware presently exists, but that's mostly because implementations always lag behind a long way behind ideas rather than any fundamental technical bottleneck. Perhaps the Bitstamp event will finally spur development of such things forward.