Currently, Thunderbird uses a randomly generated passphrase to protect the OpenPGP key files it manages. The random passphrase is optionally protected using the master password.
Some users are concerned that the master password mechanism isn't sufficiently strong to protect the OpenPGP keys. (See also bug 973759.)
The suggestion is to implement a feature that allows users to protect their OpenPGP secret keys with passphrases they choose themselves, using the cryptographic code of the OpenPGP library.
Thunderbird could have a single pref that disables the automatic passphrase mechanism. When importing keys, Thunderbird could keep the existing passphrase protection. When generating new keys, Thunderbird could ask the user to define an individual passphrase for the new key. Whenever the secret key is used, Thunderbird could prompt the user to enter the individual passphrase for the respective key.
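To make the difference between the two schemes concrete, here is an added model (not Thunderbird's or RNP's code, and not the real OpenPGP secret-key format) of both protection chains described above: the current one, where the key file is sealed under a random passphrase that is stored in the profile either as-is or wrapped by the master password, and the proposed one, where the key is sealed directly under a passphrase the user chose. The names (`protect_current`, `protect_user_passphrase`, `protect_new_key`, the `prompt` callback standing in for the passphrase dialog), the iteration count, and the PBKDF2 plus HMAC-counter keystream used as a stand-in for the library's S2K and cipher are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
from typing import Callable, Optional

# Constructed stand-in for the bytes of an OpenPGP secret key; not a real key.
SECRET_KEY_MATERIAL = b"constructed-openpgp-secret-key-material"

KDF_ITERATIONS = 100_000  # assumed value; a real S2K count is tuned separately


def _derive_keys(passphrase: str, salt: bytes) -> tuple:
    """Model of the S2K step: passphrase -> (encryption key, MAC key)."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                              KDF_ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy HMAC-in-counter-mode keystream; stands in for the library's real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def seal(passphrase: str, plaintext: bytes) -> dict:
    """Encrypt-then-MAC `plaintext` under a key derived from `passphrase`."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    ct = _xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unseal(passphrase: str, blob: dict) -> bytes:
    """Reverse of seal(); a wrong passphrase fails the MAC check before decrypting."""
    enc_key, mac_key = _derive_keys(passphrase, blob["salt"])
    tag = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong passphrase (or tampered key file)")
    return _xor_keystream(enc_key, blob["nonce"], blob["ct"])


def protect_current(secret: bytes, master_password: Optional[str] = None) -> dict:
    """Current scheme: random passphrase, optionally wrapped by the master password."""
    random_pp = secrets.token_urlsafe(32)
    rec = {"key_blob": seal(random_pp, secret), "wrapped": master_password is not None}
    if master_password is None:
        rec["passphrase"] = random_pp  # stored alongside the key file, unprotected
    else:
        rec["passphrase"] = seal(master_password, random_pp.encode("utf-8"))
    return rec


def unlock_current(rec: dict, master_password: Optional[str] = None) -> bytes:
    """Unlock under the current scheme; without a master password no input is needed."""
    if rec["wrapped"]:
        if master_password is None:
            raise ValueError("master password required")
        random_pp = unseal(master_password, rec["passphrase"]).decode("utf-8")
    else:
        random_pp = rec["passphrase"]  # anyone holding the profile can do this step
    return unseal(random_pp, rec["key_blob"])


def protect_user_passphrase(secret: bytes, user_passphrase: str) -> dict:
    """Proposed scheme: the key is sealed directly under the user's own passphrase."""
    return {"key_blob": seal(user_passphrase, secret)}


def unlock_user_passphrase(rec: dict, user_passphrase: str) -> bytes:
    """Every use of the key requires the user's passphrase; nothing is cached on disk."""
    return unseal(user_passphrase, rec["key_blob"])


def protect_new_key(secret: bytes, use_user_passphrase: bool,
                    prompt: Callable[[str], str],
                    master_password: Optional[str] = None) -> dict:
    """The single pref decides which scheme a newly generated key gets."""
    if use_user_passphrase:
        return protect_user_passphrase(secret, prompt("Choose a passphrase for the new key"))
    return protect_current(secret, master_password)


def can_unlock(unlock_fn: Callable, rec: dict, credential: Optional[str]) -> bool:
    """True if `credential` unlocks `rec`; used to compare the schemes side by side."""
    try:
        return unlock_fn(rec, credential) == SECRET_KEY_MATERIAL
    except ValueError:
        return False
```

Running `can_unlock(unlock_current, protect_current(SECRET_KEY_MATERIAL), None)` returns True: with no master password set, the stored random passphrase alone unlocks the key, which is the exposure the request is about. Under the proposed scheme the same call shape only succeeds with the passphrase the user chose, and the key record contains no stored passphrase at all. Importing an already-protected key would simply keep its existing `key_blob` untouched, as the request describes.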