Why should a trojan bother to read files or clipboard data when it can read the password directly from the input field? You don't even need a trojan for this purpose, simple XSS at the right spot is sufficient. This means it's irellevant wether you write it on paper or in a file, since the password will be stolen when it's entered. The only thing you can do is to make sure your password is long enough so it can't be guessed, and that's where a password manager will help you.