2) Virtual keyboard option where the password is entered on a scrambled keypad with a mouse - no key-logger virus possible
How can that be hacked? Much simpler than getting a computer and running a geek os.
A virus could use the Remote Frame Buffer protocol (the protocol used in VNC) to capture the pad entry. The virus might be smart enough to at least identify which window to capture - even if it just packages up the info to send to a human to read off the actual numbers that were input.
I don't doubt there are other ways too.