none of that helps against a compromised machine.
Actually, it does.
You may fool an attacker into thinking that he hacked all the layers, while he only hacked top 2 of them.
Maybe we are misunderstanding eachother, but what do you think gets captured by a keylogger running on the *host* where you open a VM in a VM in a VM via a VNC session and you type in a TrueCrypt password, anywhere? Bonus points for guessing the same for what happens if you press PrtScr.
A VM truecrypt that uses an on-screen keyboard that is randomly scrambled with each startup. User clicks in his passcode. Keylogger fails, mouse recording fails, screen capture does not fail.
Speech to text? Soundcard sniffer?