One thing I strongly suggest to Turbine to prevent keyloggers:
Have the client require, in addition to a username and password, that you select your date of birth (or a 3-4 digit passnumber) from drop-down menus.
That way, someone that installs a keylogger on your system won't be able to steal your password unless they are also screenwatching you. Screenwatching is *very* resource intensive on the computer being observed, and is thus very easy to detect (the computer that is playing DDO while screenwatched will be slowed noticeably). Plus, it's just not worth the effort for hackers.