But I just don't think it's possible that he could guess some of the ones I've used more recently...
He could have added his e-mail address to one of your accounts so that he's notified of changes, or might know the answer to some of your security questions. Facebook allows you to link to other accounts, so perhaps he's linked your Facebook account to one of his accounts. There's also a setting on Facebook to notify you if your account is accessed from a computer you've never used. You need to explore all the security settings on your various accounts and use any tools at your disposal to eliminate any possible holes.
Random Geeza, so if none of this works I should just back everything up and reinstall my system?
That's a bit extreme. For now, just stick with Little Snitch to be sure that no outgoing connections are made that you haven't approved. I'm still not convinced that there's a keylogger at work here.
Could he be snooping my MSN and AIM conversations because the outgoing messages are not encrypted?
Not from 1000 miles away, unless he happens to have administrative access to a network node that all your traffic is passing through, which seems extremely unlikely. If he's sitting next to you while you're chatting over an unencrypted wireless connection, he could be snooping on your conversation, but unless he's gone Hollywood psycho and has travelled 1000 miles to stalk you, that doesn't seem likely.
Oh, and for the person who asked, he's never physically had access to my Mac. He lives over 1000 miles away and has never been near me.
That makes it very difficult for him to install any kind of malware on your machine. You'd have to have some kind of remote access set up already with extremely weak security and he'd have to know exactly how to find your machine over the internet. You'd almost have to purposefully give him access. It's far more likely that he's using every hacker trick in the book to access your accounts online.