I found this which may be another way to log keystrokes. It looks at /proc/pid/sched and is supposed to be able to spy on keystrokes.
https://www.openwall.com/lists/oss-security/2011/11/05/3
It only says gksu but should work for any program. I haven’t tested this yet.
We very partially mitigate this due to mounting /proc with hidepid=2
but this will only prevent the script from spying on other users’ programs.
A way to mostly mitigate this would be to run every program in its own PID namespace or as its own user so it can only see its own processes.