People really log in to their terminal emulator? And it's closed source and connected to the internet?
My terminal emulator handles all sorts of confidential data, credentials, API keys etc. I can't even imagine the damage that can be caused by a rogue terminal emulator.