I guess the MITM attack could be mitigated in the OS by showing an "encrypted keyboard connection" UI indicator of sorts. Assuming the MITM hardware doesn't exploit a vulnerability in the OS to incorrectly show that indicator. ;)