I also type (most) passwords purely by muscle memory (and have had to type a couple of shared passwords into wordpad so I can actually say what it is I've been typing (mostly for where shift is and isn't toggled)... but having said that, I've gotten multiple accounts locked out due to the following reasons:
Gorram cap lock (as annoying as the popup is, that's something MS got right imho)
Pseudo-cap lock... not sure if MS would have detected it (it was through a web interface), but somehow the KVM I was using stopped detecting shift/control and there was no feedback that this was a problem as my username is all lower case
Shitty dell keyboard on one laptop only detects one letter (which of course appears several times in the passphrase) about 30% of the time... yeah, I can count *'s, but that's a pita given the muscle memory above
Probably also, a long time ago, at least got the password wrong once when switching between old school apple and IBM keyboards (f and j have dots on PC, d and k have dots on MAC, put my hands in wrong spot)
There's also the story about the guy who could type his password sitting but not standing... the story goes that while sitting, he touch typed, while standing he hunted and pecked and someone had swapped a couple of keys on the keyboard that wouldn't be noticed while touch typing but would when looking at the keyboard
As far as shoulder surfing goes, if someone is going to be hunting and pecking the password anyways, it would seem to be almost as easy for a shoulder surfer to watch your fingers hit keys as it would be to read the password off the screen... especially if you use leetspelling for passwords.
*sigh*
I doubt you'll see this and all, but I'm amused that I read your post (without seeing the poster name) and was wondering if the poster had worked with you.
Hope all is well, and btw, I'm not the father of a child(1) process.
Carleton
I could be wrong, but I think the good news is that if they embed the graphics, they've basically embedded it such that your browser doesn't go back to a server to get the image (at some point, they added the ability to embed an image as base64 encoded data, theoretically targetting a page with small images that would take longer (due to having to setup multiple http connections after decoding the html) to pull down separately))...I'd say they're doing it more to get around filters than to do web bugs.
Hmm... Palin, Edwards, Quayle, (Also Adm Stockton was Perot's iirc), Ferraro and anyone before that was BMT as they say... so 5.
Grr... wish I had modpoints... there's about 3 light years of difference between fruitcake and stollen...
Hmm... guessing you mean Debt of Honor by Tom Clancy.
Where there's a will, there's a relative.