Continuing my tin-foil hat dance, I’ve read plenty of opinions about the new iOS 8 keyboards. Most of it has not been educational. There’s a particularly thorough evaluation of third party iOS keyboards at Markn.ca
If a custom keyboard does not require the elevated privilege of “Allow Full Trust” you can use it with a high degree of confidence that your keystroke and other personal data is safe.
At this point, I’d only be willing to use one keyboard that required full access. Smile has a good track record and have now published details about what they do when you approve full access for the TextExpander keyboard.
Without Full Access, keyboards operate in their own container, which means they don't have access to data from other apps, including the TextExpander app itself. It also means they have more limited access to system services, for example, they can't play sounds. Once a keyboard is granted Full Access, it can share data with another app from the same developer. Once it can do that, the other app can do pretty much anything with that data, including transmitting it over the network. Simply because an app CAN do this doesn't mean that it DOES, nor that it's wise of the app's developer to even consider doing so.
I can appreciate the sentiment, but it comes down to trust, as I said in my previous post. Full access is full access. Anything the app can do, the keyboard can also do once full access is granted. In the case of the TextExpander keyboard, I think it’s fair to assume all data stays on the device and nothing is sent to an external server. I don’t think any other third party keyboard has earned that reputation yet.