I think they replied to the right one, making the point that the long comment about malware is missing the point about the type of keylogger this is trying to protect against (because many people also, quite reasonably, use the term "keylogger" as a vague description for password-stealing malware).