I didn't know in which section to put this. I was recently hacked and I wonder if it's possible to get keylogger when downloading XML files, attached zip files or even using svn checkout. I've only downloaded files from Brodieman, Tuanha, Cava and Kicks.
Of course it's possible to get a keylogger or virus from downloading a zip file or svn checkout. It's unlikely from the sources you mentioned, but you would have to run the thing. A guy who made a gathering profile generator a while back did something like this iirc. Nothing wrong with scanning your HB folder every now and then just to be safe.