Does this mean that there's a subroutine in the firmware always listening out for keystrokes?
Not saying I don't understand the feature and the justification for it being there, but this seems like something that could be exploited... Hopefully this hobby is small enough that it's not worth someone's time and effort to go after this attack surface. Persistent keylogger hidden in a custom keyboard sounds pretty scary
I've got a copy of the last Jigon firmware (April 2017), I'll stick with that one for now, it works well enough for me and I haven't encountered any bugs yet!
I wouldn't worry too much.
Keyboard firmwares by design have to keep the states of each key since it works by 'scanning' changes in those states.
Many full featured firmwares support user recordable macros and leader key macros, and for those features, the firmware needs to keep track of the last x keystrokes. This means JigOn isn't that different from others.
Even if you do have a malicious firmware installed, it needs to hand off the information it recorded somewhere specific (preferably undetected) which is virtually impossible to do within the confines of the USB HID standard.
This isn't a weak link in the chain. There are many other juicier targets.