That depends on the situation. The private keys are on the SSH client machine, so if that is more secure than the SSH server, the setup is more secure than with passwords being on the server.
I don't think so. In my opinion it doesn't matter if you store a plaintext password or an SSH key which is not secured by a password.
It depends on the security of the system that either one is stored on. In SSH, they are different: the passwords are stored on the SSH server, the private keys are stored on the client. So, if your client is more secure than the server, the public key file is more difficult to get than the password file. And vice versa, of course.
Once Mr. X gets access to the file, he instantly gets access to the account which is guarded by them.
Exactly, but the difficulty in getting the file can be different, because we're talking about two different machines. I.e. one machine could be a public web server, while the other one is a heavily firewalled and IDS's and whatever'd machine in a room with several feet of concrete and steel all around it. I'd place a critical file on the second machine. Note that you need clear text stuff in some situations if you want to automate them, and automation is necessary in quite a few situations. If that means an empty passphrase on an SSH private key, OK, but I make sure the machine the file is on is safe.
The use of public key authentication is definitely a lot safer against
No, I strongly disagree. By just using public key authentication you gain *no* benefit for security and aren't instantly safer.
Read the rest of the sentence. Public key authentication is safer than password authentication most of the time because only very few passwords have the entropy of a pair of public and private keys. Passphrases to private keys have to be protected, as do passwords. Private key files without a passphrase have to be protected in the same way. The difference is that passwords are usually stored on a central machine, while private keys are on the clients. However, the distinction between client and server is not a distinction in security per se. I believe there are quite a few web clients that are more secure than many web servers, for example.
If you use public-key-mechanisms in a wrong way things get much worse! Especially ssh can be abused in many ways to undermine any security barriers.
Of course any scheme can be abused. There's no difference between public key mechanisms and passwords here. But how does this relate to the issue at hand?

Cya
Tobias