[danengel]

When an application needs administrator privileges, it asks for my password. The application does have my plaintext password then, right? Couldn't any application present a fake dialog asking for my password, happily sending it over the Internet, allowing hackers to do anything with my machine (if SSH is turned on)?

Not really concerned, just wondering,
Daniel

[SSharon]

I know you said that you may not be concerned but for those that are there is a program called "Little Snitch" (I'm pretty sure) that will warn you before any program can send anything, so just turn it on and try out a few of the apps you are concerned about and see if any info is being sent.

[K++]

Short Answer is Yes, Long Answer is NO.

Though any application could make a window that looks like a password dialog, they would be unable to recreate all the things that apssword dialogs do when presented. Things like locking out all other key grabbing methods, sending up a Keychain window since it is normally the one responsible for authorized transactions, and other miscellany.

What you would most want to watch out for is when a program asks for it. If a program doesn't change something low level it should not require a admin level password to gain access to anything.