It's still not entirely clear to me what's happening, but it looks like the scenario goes something like this: ksmserver runs kscreenlocker_greet all the time. kscreenlocker_greet looks like it examines the configuration file(s) $HOME/.kde/share/config/kscreensaverrc and/or /usr/share/kde4/config/kscreensaverrc for settings and triggers off of those.
This can't be how it's supposed to work, because kscreenlocker_greet is only run once at the beginning of each idle period. I've verified this by replacing kscreenlocker_greet with this script:
#!/bin/sh
echo "`date` - start: $0 $@" >> $HOME/kscreenlocker_greet.log
exit 0
I can then "tail -f" the log file and watch as KDE tries to lock my screen.
Fortunately, kscreenlocker_greet appears to read the kscreensaverrc configuration file, which I've modified to read as this:
Enabled=false
LegacySaverEnabled=false
Lock=false
PlasmaEnabled=false
Saver=krandom.desktop
Timeout=1800
What all of those mean I cannot say, but "Enabled=false" and "Lock=false" seem to be helpful.
The part that's still troublesome is that while the screensaver is being activated, my keystrokes are being consumed, so it appears that I'm always dropping letters as I try to type.
Whatever's going wrong is doing it in ksmserver, and that program, naturally, has no man page. For now, this config file change should prevent the annoyance from recurring after an upgrade. I'll leave digging into ksmserver for another day...