Not an os-x developer, but I've always wondered are there any OS guardrails against any (malicious) application showing a window styled the same way as that popup box and just stealing your password?
I mean, I don't know how there would be? Unless they were scanning the text of every pop-up for words convincing the user to enter their computer password. There would be no way to determine intention without some sort of language analysis.
