Well, if you're running devel, it's your own sad fault.

I still remain very doubtful anyone is running a keylogger, especially someone from China, etc.

Here's something. if you find a keylogger in any app in the repo, I'll give you $50. I'm pretty sure any other platform is way more likely to attract spyware and keyloggers.

Deal?

Also, please check my background (profile), I'm not your average user with regards to security. Even MITM won't break SSL or TLS, considering that they can't have the private key of a certificate issued for mail.google.com, or whatever the domain is. It's the whole point of SSL and TLS, is that the only way for an attacker to trump your browser without showing any warning sign would be to have compromised your client with a self-signed root cert.

Don't sprout things which aren't true, please.