Q. Is this really as harmful as you think?
A. Go to your parents house, your grandparents house etc and look at their Windows PC, look at the installed software in the past year, and try to use the device. Run some antivirus scans. There’s no way this implementation doesn’t end in tears — there’s a reason there’s a trillion dollar security industry, and that most problems revolve around malware and endpoints.
A keylogger isn’t retroactive to before the keylogger was installed though. Recall is. Also, with Recall you don’t need to write keylogging software and get it past antimalware scans (and keep it from getting detected), you just have to get an infostealer past them one single time to take the Recall database.
It’s very unlikely you could get the password from recall