"Which – gulp! – isn't a very far-fetched scenario, unless you run a tight ship of no untrusted code."
I would assume that any non-trusted code running on a machine will one way or another be able to gain access to everything.
I don't think we are at a stage where you could install a program from an untrusted source and think that because you didn't give it admin privileges it would somehow be a safe thing to do.
It's not even true for supposedly much tighter platforms, such as Android and iOS.