Does this protect me against MITM attacks on a non-SSL site?

The login process, which Keyy handles, is protected. But afterwards, if your site is not SSL, WordPress’s own login cookie can be stolen by an attacker in a successful MITM attack, bypassing any security that Keyy provides. Using SSL (https) is highly recommended, as it has other benefits as well such as SEO.