I think it depends on the generality of the software.
Obviously a general purpose remote desktop program has a lot of more legitimate uses that something designed specifically to find CC numbers.
Thing is , you could make a CC sniffing program and then realise "hmm, this might be difficult to defend in court" so you generalise it to something that simply looks for arbitrary strings of numbers. Of course the fact that 90% of your users happen to enter "16" into the box is not your fault.
The generalised program might have useful side effects as a result, but it is no less dangerous than the more specific program.
Thing is , you could make a CC sniffing program and then realise "hmm, this might be difficult to defend in court" so you generalise it to something that simply looks for arbitrary strings of numbers. Of course the fact that 90% of your users happen to enter "16" into the box is not your fault.
The generalised program might have useful side effects as a result, but it is no less dangerous than the more specific program.