Seems most of the people responding here didn't bother to read about subliminal channels before giving their 2c of wisdom.
It looks like covert messages can be embedded in the signature itself. This would be bad. Real bad.
My simpleton solution would be to use paper wallets and sign transactions offline with a vetted copy of something like coinb.in where you can review the code line by line to verify that "k" is not being gamed.
Thoughts, smart people?
If there is a keylogger installed by the manufacturer in your brand-new desktop then you're SOL using any computer. I suppose there needs to be trust somewhere. But thanks for coinb.in - it looks very interesting. I've been using armory and my own brain key. (I'll let all of you decide if I'm a fool or not). But as the password has over 100 characters I'm fairly confident that,at over 10^130, that it's safe.
And, continuing down the paranoid road - I'm using a raspberry pi. Hmmm maybe I ought to worry about a keylogger there as well.