You can have it both ways. I have a second keychain, set to auto-lock after 5 minutes, that contains all my high-security passwords. The login keychain contains low- and medium-security passwords.

My financial records are stored in an encrypted disk image file, with a ridiculously long password. That password is stored in my high-security keychain.

When I launch an application like Quicken that wants access to my financial records, it tries to auto-open its most recent document, which through the magic of aliases causes the encrypted disk image to try to mount.

The disk image needs a password to mount, but the system notices that the password is in the high-security keychain, so it asks first for the password to that keychain. If I enter the correct password, the keychain unlocks, the disk image password is retrieved, the disk image mounts, Quicken is happy, and in short order the keychain auto-locks. (Quicken continues to be happy; the disk image's password is needed only to mount it, not to keep it mounted.)

If I don't enter the keychain password, clicking "Cancel" instead, the system says "OK, then, can you give me the password to the disk image?" If I knew it, I could enter it then.

When I'm through with Quicken, I have to remember to unmount the disk image, both to secure it again, and to let Time Machine know it's now safe to back it up. (TM will not back up a disk image, secure or not, while it's mounted.)

My login password is relatively strong, a compromise between security and convenience. I need to type it to log in, and to wake from sleep/screen saver. My high-security keychain has a much stronger password. I only need to enter it a few times per month, so brevity is not important.
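A command-line sketch of the setup described above, added here as an example and not taken from the original post: it creates a second keychain that locks after 5 minutes and, at the end of a session, unmounts the disk image and locks the keychain. The keychain name, the volume path, the `DRY_RUN` switch and the function names are assumptions; it does not cover storing the disk image password in the keychain.

```shell
#!/bin/sh
# Added example: second keychain with a 5-minute auto-lock, plus end-of-session cleanup.
# KEYCHAIN and VOLUME are assumed names; set DRY_RUN=1 to print commands instead of running them.
KEYCHAIN="${KEYCHAIN:-secure.keychain-db}"
VOLUME="${VOLUME:-/Volumes/Finance}"

# Execute a command, or only echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Create the keychain and apply the auto-lock policy.
# $1 = keychain name, $2 = lock timeout in whole seconds
make_keychain() {
    case "$2" in
        ''|*[!0-9]*) echo "timeout must be whole seconds" >&2; return 2 ;;
    esac
    # -P: ask for the new password in a system dialog, keeping it out of argv and shell history
    run security create-keychain -P "$1" || return 1
    # -u: lock after the timeout interval; -t: the interval in seconds
    run security set-keychain-settings -u -t "$2" "$1" || return 1
    # Print the resulting settings so the timeout can be confirmed
    run security show-keychain-info "$1"
}

# Unmount the encrypted image first, then lock the keychain that holds its password.
# $1 = keychain name, $2 = mount point of the disk image
end_session() {
    run hdiutil detach "$2" || return 1
    run security lock-keychain "$1"
}

case "${1:-}" in
    setup)  make_keychain "$KEYCHAIN" 300 ;;
    finish) end_session "$KEYCHAIN" "$VOLUME" ;;
esac
```

Run it as `sh script.sh setup` once and `sh script.sh finish` after closing the application; with `DRY_RUN=1` it only prints the commands it would run.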