This is part of the reason I don't trust close-source applications that require Internet access. At least with open source I can take a look at the code and see, "hey — this program is running a key logger!" I can then modify the code and permissions and run the application without the offending network activity.
(I actually did that with one program, found on code.google.com no less. It was written with a key logger that uses a closed-source library called FlurryAgent.)