
Understanding Kwallet

peterba

Understanding Kwallet

Sun Dec 06, 2009 9:47 pm
I'd like to understand a bit how Kwallet works.
I open a wallet with a master password. Does it need to be very strong? Even if I am the only one who uses this computer? And after opening, the wallet is readable by everyone, so practically "is not encrypted" (I guess).
The wallet remains open forever (or until I shut down the machine).
Any application can access (from Kwallet) any passwords. (Or at least I suppose it.)
Where is (any) safety here?
Perhaps the answer is (?) that there are some applications which I have to trust. (KMail, Konqueror, etc.) And if I trust them, then it is no more risky to allow them to access Kwallet directly. They will not mess up (or even read) the other passwords, only that which belongs to the email account (or specific login webpage).(?)
And Kwallet will always catch access-attempts, and clearly show me the application name (which is not spoofable). If I trust it, I allow, otherwise not. Am I right to suppose these?
bcooksley
Administrator

Re: Understanding Kwallet

Sun Dec 06, 2009 11:36 pm
The KWallet master password should be reasonably strong, as it protects all of the passwords within the wallet. The Wallet file itself is always encrypted, and KWallet decrypts the passwords and data on the fly, as requested.

You can change how the wallet remains open in System Settings > Advanced > KDE Wallet.

Only applications which you permit access can retrieve passwords from KWallet. KDE applications will only access KWallet data that they need, which is usually not other applications' data.

KWallet will always ask for your permission, unless you tell it otherwise for an application. I do not know how well it checks to make sure it is communicating with the right application, however.


KDE Sysadmin
annew
Manager

Re: Understanding Kwallet

Mon Dec 07, 2009 1:11 pm
In addition, it should be said that while you are logged in and the wallet is open, it can issue your passwords, should anyone else access your computer. You should therefore either close the wallet or lock the screen if you need to leave the computer unattended or if you allow another user to use the computer with his own account.


annew, proud to be a member of KDE forums since 2008-Oct and a KDE user since 2002.
Join us on http://userbase.kde.org
john_hudson
Registered Member

Re: Understanding Kwallet

Fri Dec 11, 2009 9:35 pm
KWallet also links passwords with particular addresses; so, for example, if a website has multiple portals and you enable the password for one portal, it will not work on another portal to the same website unless you enable that portal. This can cause problems if you change your password and inform KWallet for one portal because it will continue to use the old password for the other portal. In one case, I so rarely used the other portal that, when I did, I had forgotten the password and was relying on KWallet.


John Hudson, proud to be a member of KDE forums since 2008-Oct.

