The thing I find more dangerous than that is anyone with your wallet.dat file can go and do whatever with your account.
There really should be additional checks. Having to sign your transfer requests and allow people to impose a voluntary delay on their transactions to allow time for cancellation would help significantly.
My wallet is on an IronKey - in order for me to use it I have to plug it in and decrypt it. I also backup my wallet on a NAS server but the wallet is encrypted with GPG.
Where do you back up your GPG private key? Where do you store the passphrase for the key? It's a long chain of vulnerabilities in any well architected system that must be addressed. This seems acceptable for a big company, but for an individual to have to go through all these steps just to protect their money seems arduous.
Not if you have a secure means of input in your OS. OSX does, for instance, you can turn it on in the Terminal application and no loggers will see what you type.
Unless they install as a kernel extension, then you're screwed. But that requires a password.
of course. But now we're talking something significantly more complicated than a keylogger, and more fragile as it probably relies on glitchy behavior.
There really should be additional checks. Having to sign your transfer requests and allow people to impose a voluntary delay on their transactions to allow time for cancellation would help significantly.