Isn't the
Simple Python Keylogger already able to record mouse-clicks and taking a snapshot in each instance? I'm sure if an open source keylogger is up to the job any malicious keylogger should be able to do so as well.
The OSD keyboard can be defeated. But simple, off-the-shelf pluggable keyloggers, only record keystrokes. This isn't intended to be a replacement for real security, it just raises the bar a tad for what an attacker needs to attack you.
Thanks for the link to your thread from last year! I read up on the QR code option and I think this could be done ultrasafe and very easy by slicing my Bitcoin holdings in several small accounts, then using the scanner from the Blockchain.info Android app to retreive the QR code with the private key. That way my offline laptop could remain more or less completely off-grid.