I agree that someone having access to run arbitrary code on a machine is a much bigger deal. In this case, the difference between this debugging feature and an installed keylogger is the use of trusted software to perform the keylogging. When the MicTray issue came out earlier this year, I ran across a blog post you may find interesting [1]. To summarize, the author repurposed the HP executable to log keys to a remote server using WebDAV.
[1] https://diablohorn.com/2017/05/12/repurposing-the-hp-audio-k...