I Started Something has video demonstration of a Windows 7 UAC code-injection vulnerability. Source code has been released as well.
Hopefully this will be fixed before the final release sometime in September. Hopefully no one argues that being able to change UAC options silently is a bad idea.