It's considerably more than that. Please read on.
No, Nathaniel, it is not. You watch keystrokes and record the ones you're interested in. This technique has interesting possibilities, but all your PR screaming won't make it anything more than what it is. How interesting are these possibilities? It's hard to say. Don't run software you don't trust. Well, most of the people on this list probably already know that. I betcha a good-sized portion of the computer-using populace knows this, but actively (or passively) defers the choice to someone else. You must trust something. You folks trust the telephone (never gets tapped, right) the postal service (of course mail never gets stolen) banks or credit card companies (which never have problems). And then, on top of that foundation of sand you build a commerce system with MIME and SMTP (sendmail is the most bugfree program ever written). I used to think you were aggressive techies, now you're just greedy bastards who will seemingly stop at nothing; Stef's blatant attempts to ensure MIME's use in IETF-PAY was not an exception, but the first salvo. You make me sorry I invented safe-tcl and made FV possible. /r$