The fact that a Keychain is unlocked still only gives designated programs access to passwords and /usr/bin/security is no exception. The command from the article results in about a thousand "always allow/allow/deny" dialog boxes on my system, and there's an option for each password in Keychain to require a password to "allow" (from Get Info > Access Control, then set Confirm before allowing access and Ask for Keychain password, and clear the "Always allow access" list; admittedly, this would be a huge PITA for lots of passwords). Alternatively, if you want to "lock" every password but Mail's in one stroke, you don't need another computer: just create another Keychain with nothing but your Mail passwords, select it as the login keychain, and set the original keychain to "Lock after 0 minutes of inactivity."