If you use X windows, every keystroke goes through the X server and in theory, keystrokes can be grabbed.
I am not aware whether that is a problem. If you want to avoid that risk completely, you would decrypt the wallet in a console window which can't accessed by other running programs for input at the same time.
However the most important thing for a Linux system is to assure that no untrusted software runs within the system or the user space. The reason for that is if evil programs cannot do keylogging, they could do other malicious things, for example replace the bitcoin executable. The good point is that almost all programs are protected by their file permissions. That makes it relatively hard to get malware in.
An option is to use SELinux (poorly supported by Ubuntu so far, but much better by Red Hat), which restricts many of the unused freedoms programs may have.
The first thing you would do to enhance security is to use no or only a minimal web browser, as their plugins are located often in user space. Next you could strip down the system to contain only the most necessary subset of software. What is not there can't be hacked.
So for high-security demands you could end up with a system featuring SELinux, a stripped down install, a console bitcoin client and only minimal software.