I also type (most) passwords purely by muscle memory (and have had to type a couple of shared passwords into wordpad so I can actually say what it is I've been typing (mostly for where shift is and isn't toggled)... but having said that, I've gotten multiple accounts locked out due to the following reasons:
Gorram cap lock (as annoying as the popup is, that's something MS got right imho)
Pseudo-cap lock... not sure if MS would have detected it (it was through a web interface), but somehow the KVM I was using stopped detecting shift/control and there was no feedback that this was a problem as my username is all lower case
Shitty dell keyboard on one laptop only detects one letter (which of course appears several times in the passphrase) about 30% of the time... yeah, I can count *'s, but that's a pita given the muscle memory above
Probably also, a long time ago, at least got the password wrong once when switching between old school apple and IBM keyboards (f and j have dots on PC, d and k have dots on MAC, put my hands in wrong spot)
There's also the story about the guy who could type his password sitting but not standing... the story goes that while sitting, he touch typed, while standing he hunted and pecked and someone had swapped a couple of keys on the keyboard that wouldn't be noticed while touch typing but would when looking at the keyboard
As far as shoulder surfing goes, if someone is going to be hunting and pecking the password anyways, it would seem to be almost as easy for a shoulder surfer to watch your fingers hit keys as it would be to read the password off the screen... especially if you use leetspelling for passwords.