According to Whitehouse, a piece of malware running in restricted mode could write a malicious control panel DLL file to, say, a user's Documents directory and then call RunLegacyCPLElevated.exe to request administrative privileges. Since RunLegacyCPLElevated.exe is a Windows application, it would display a UAC prompt with a blue-green header saying "Windows needs your permission to continue," potentially fooling the user into thinking the control panel is trustworthy.
Whitehouse went to Microsoft with these concerns and was pointed to a document (Word .DOC) on Microsoft's website that says, "It's very important to remember that UAC prompts are not a security boundary - they don't offer direct protection. They do offer you a chance to verify an action before it happens. Once you allow an action to proceed, there may be no easy way back." Whitehouse concludes by saying UAC is better than nothing, but that he doesn't believe a security system that presents unreliable information is good for user confidence. (Thanks to Neowin for the tip.)
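A defender can watch for the scenario Whitehouse describes by checking process-creation logs for RunLegacyCPLElevated.exe being handed a control panel file from outside the Windows directory. The sketch below is an added example, not code from Whitehouse or Microsoft. It assumes events shaped as dictionaries with `image` and `command_line` fields, a `Shell32.dll,Control_RunDLL "<path>"` argument layout, and a system root of `C:\Windows`; the sample events are constructed.

```python
import ntpath
import re

# Assumption: Windows is installed at C:\Windows; adjust for other system roots.
TRUSTED_ROOT = "c:\\windows\\"
LAUNCHER = "runlegacycplelevated.exe"
# Quoted or unquoted command-line tokens that name a .cpl or .dll module.
MODULE_RE = re.compile(r'"([^"]+\.(?:cpl|dll))"|(\S+\.(?:cpl|dll))', re.IGNORECASE)


def untrusted_modules(command_line):
    """Return normalized module paths that resolve outside the system root."""
    hits = []
    for quoted, bare in MODULE_RE.findall(command_line):
        raw = quoted or bare
        if not ntpath.dirname(raw):
            continue  # bare name such as Shell32.dll: no caller-supplied directory
        path = ntpath.normpath(raw)  # collapse ..\ so traversal cannot hide the location
        if not path.lower().startswith(TRUSTED_ROOT):
            hits.append(path)
    return hits


def flag_events(events):
    """Return (event index, paths) for launcher runs that load untrusted modules."""
    flagged = []
    for i, ev in enumerate(events):
        if ntpath.basename(ev["image"]).lower() != LAUNCHER:
            continue  # only the elevation helper named in the article is of interest
        paths = untrusted_modules(ev["command_line"])
        if paths:
            flagged.append((i, paths))
    return flagged


# Constructed sample events (not captured from a real system).
EXE = r"C:\Windows\System32\RunLegacyCPLElevated.exe"
SAMPLE_EVENTS = [
    {"image": EXE, "command_line":
        rf'"{EXE}" Shell32.dll,Control_RunDLL "C:\Users\alice\Documents\display.cpl"'},
    {"image": EXE, "command_line":
        rf'"{EXE}" Shell32.dll,Control_RunDLL "C:\Windows\System32\legacy.cpl"'},
    {"image": EXE, "command_line":
        rf'"{EXE}" Shell32.dll,Control_RunDLL C:\Windows\..\Users\Public\x.cpl'},
    {"image": r"C:\Windows\System32\notepad.exe", "command_line":
        r'notepad.exe "C:\Users\alice\Documents\display.cpl"'},
]

if __name__ == "__main__":
    for index, paths in flag_events(SAMPLE_EVENTS):
        print(f"event {index}: elevation requested for {paths}")
```
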