This is less about brute forcing private keys and more about hijacking a wallet application. In 15 minutes I could write a macro that can learn and replicate mouse clicks and keyboard entries in relation to an established GUI design. Now I have all I need in order to hijack a wallet application and make a quick and highly automated payment. Why should I be able to write a macro/keylogger with the piece of mind that if it worked on my test rig it might work on the PCs of victims? We are concerned with securing the data yet we make no attempt to safeguard against something that could simply take control and drive the application in the wrong way? That was the point.