http://qs321.pair.com?node_id=543320


in reply to Public Access Terminals and Account Integrity.

Speaking as someone who works at a public library, I can tell you with a fair degree of confidence that if somebody installs a keylogger on a public access station, he's going to be able to collect much more compromising (to the victim) and valuable (to the miscreant) things than Perlmonks accounts. Of course, what he'll *mostly* get is a bazillion free Yahoo and Hotmail accounts, which in general are going to be worth precisely what the original owner paid for them. However, I'm confident that any Perlmonks accounts collected would be cleanly outnumbered by credit card numbers. Which do you suppose the attacker will be chiefly interested in using?

The one-time-pad idea is a good one, for situations that warrant that kind of security. I wish banks would use such a mechanism, for instance. I have doubts about the need for such a thing on Perlmonks, though, and carrying around the pad would be sufficiently inconvenient that I personally would, for something like Perlmonks, just take the risk and use my regular password. (Of course, my account doesn't have any privileges that would be really dangerous to the site, so all I'd be losing in the worst case scenario would be my own account; an account with more interesting privileges might warrant greater care.)


Sanity? Oh, yeah, I've got all kinds of sanity. In fact, I've developed whole new kinds of sanity. Why, I've got so much sanity it's driving me crazy.