Most keyloggers only log keys, not mouse clicks, so I enter my username and password simultaniously while also clicking in empty areas of the webpage and typing arbitrary charicters or clicking where I already am. This will work if the keylogger does track mouse clicks but not location or if the keylogger does not know the location of the login controls on the webpage. This is probably one of the safest ways of logging in, because it is difficult to track even on the off chance that the keylogger expected it.

For example, suppose my username is User and my password is Pass. Then, I would type the U or the US in user, then click off the control and type something arbitrary, then I'd start on my password, then I'd click in the username box and type another letter, then I'd click again and finish my user name, etc.

It depends.

My work e-mail. No, not unless it was a true emergency.

My gmail account. Yes, if I'm travelling, but it has a different password than anything sensitive. Really, every account should have a different password, but how many of us are guilty of using the same throwaway password on 20 different accounts. However, I'd likely change it the next time I got to what I considered a secure system.

I would suggest running an on screen keyboard. If its a Windows 7 Kiosk, then see if you can access it:

1. Choose Start
2. Control Panel
3. Ease of Access
4. Ease of Access Center.

I would not worry about malware nailing your computer, as most kiosks are designed to run in protected memory mode. I would however worry about keyloggers, as you never know if someone has placed on on the kiosk. If you can not access that, then make sure you change your passwords frequently and use non alphanumeric characters as part of your password.

As for Evilware, we are more interested in news than your files.

I always VPN to a safe site (work, home, etc) before doing anything that requires personal or private information to be entered. Trusting a public terminal to be safe is like trusting a conman.