So if you have a machine which has been compromised by this security flaw, aren't you pretty much done for? If you have another user on your machine who is savvy enough to figure out what you're typing by timing the keystrokes sent to the system's entropy pool, you're pretty much screwed at that point, right? I mean, you'd almost certainly have to have larger issues.

Although on a public system (like a mail server or something) with a few hundred users, I could see someone trying to sit there and listen for when root logs in or whatever. But still... it's not exactly "easily exploitable" (especially if you type like me or Toddler) and someone using it to get root on a box probably has a hundred extra things he knows to try first.