Mac Geekery has an article about how it's potentially possible for installer applications to do root privileged operations without prompting the user for a password. This means that it's possible for an installer to install a backdoor on your Mac without asking you for a password like it should do normally when performing root-only operations. Because this is the standard setup of Mac OS X this could be considered an implementation mistake from Apple. Users expect to be prompted for a password when root privileged actions have to be made by an installer. But with relative ease installers can choose not to prompt for a password, leaving users unaware that the core of their system is being altered. The Mac Geekery article has more details and a better description of the problem.