How to recognise a genuine password request

8 points, posted a month ago
by naves

1 Comment

fph

a month ago

This writeup suggests the question: are there operating systems that support un-forgeable password requests? That is, these requests have a certain color, window detail, or UI feature that can be produced only by a system dialog, not emulated by a malicious app.

I suppose it is hard to design this feature in a system where applications can go full-screen and draw what they want on the screen, pixel by pixel.

Maybe something like the system asking you to press ctrl+alt+del before entering your password, where ctrl+alt+del is a key combination that cannot be intercepted by an application.