The point of running with less than administrative permissions is so that you can provide a baseline level of security against attacks by isolating things a compromised account can affect. By running as a "plain user", damage is limited to just the account that is compromised and not the system as a whole.
Everything that can be written to by that account should be regarded as suspect and potentially compromised as well, however.
UAC is a convenience to make it easier to live with running with less than administrative permissions. It doesn't provide any additional security beyond that conferred by running as a limited account.
Note that if you are using a single-user computer and do not take steps to isolate tasks you do into different user accounts, then for all intents and purposes, a compromise of that account is as dangerous as a compromise of an administrative account (save that you are potentially spared the relatively minor part of reinstalling the operating system, compared to something attacking your data).
UAC does provide some basic guidance in the elevation user interface as to whether a program requesting administrative access has been signed or not. What this means to the user is that it provides a quick mechanism to gauge whether they are launching the program they think that they are launching and not something else. Of course, if the program isn't signed, and the path isn't one that you know is not writable except by administrators, then you really don't have any guarantee that someone without administrative permissions isn't trying to trick you into running their program elevated.
If the program is signed, then you (as the user) need to make a decision as to whether you trust that whoever signed the program hasn't lost their private key, and that they won't sign malicious code, and that they have never in the past signed malicious code or code with security vulnerabilities that would allow a medium integrity process to successfully attack a program that is launched with administrative permissions, and that no CA your computer trusts has been compromised.
It would also be a good idea to check the command line of the program in question (from the "Details" drop down) to ensure that someone isn't trying to do something evil via a known trusted program.
If you don't follow these steps, then you're leaving yourself open to being tricked into turning a plain user account compromise into an administrative account compromise.
As far as the "Aunt Gladys" case goes - sure, she's likely to get herself into trouble there, just as if UAC wasn't there. Keeping your computer from being fully compromised requires a detailed knowledge of how lots of parts of your operating system work, something that most end users aren't going to grok fully enough to protect themselves against every clever style of attack out there. Security is still hard; UAC may save some time and frustration here and there with respect to running things as a limited user, but it doesn't absolve the end user from having to be vigilant and suspicious of each and every elevation prompt and exercise their gray matter in order to make a determination as to whether to grant or deny the request.
Your attack is certainly one that will likely prove effective if users aren't careful, and I'm not trying to downplay that by any means. However, it is difficult to claim that it is a security vulnerability when it relies upon users not making use of the tools made available to them (which is required to ensure that elevation requests for a malicious program aren't accidentally granted).
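The signature and path checks described in the comment above can be scripted before approving an elevation prompt. The following PowerShell is an added example, not part of the original comment; the function names and the set of SIDs treated as administrative (SYSTEM, Administrators, TrustedInstaller) are assumptions made for this illustration.

```powershell
# Added example: report the Authenticode status of a binary and any
# non-administrative principals that can modify it or its directory.
# Simplifications: the file owner and ancestor directories are not checked.
$TrustedSids = @(
    'S-1-5-18',       # LocalSystem
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# Rights that allow replacing or tampering with the object,
# plus the raw GENERIC_WRITE and GENERIC_ALL bits.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteBits = $WriteBits -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$LiteralPath)
    $acl   = Get-Acl -LiteralPath $LiteralPath
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries do not apply to the object itself.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteBits) -ne 0) {
            [pscustomobject]@{
                Path   = $LiteralPath
                Sid    = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights
            }
        }
    }
}

function Test-ElevationCandidate {
    param([Parameter(Mandatory)][string]$Path)
    $file    = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $writers = @(Get-UntrustedWriter -LiteralPath $file.FullName) +
               @(Get-UntrustedWriter -LiteralPath $file.DirectoryName)
    [pscustomobject]@{
        Path             = $file.FullName
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        UntrustedWriters = $writers
        # The case the comment singles out: not validly signed AND writable by a non-admin.
        NoGuarantee      = ($sig.Status -ne 'Valid') -and ($writers.Count -gt 0)
    }
}
```

A `Valid` status only means the signature chains to a root the machine trusts; whether to trust the signer, and whether the command line shown under "Details" is the expected one, remain separate decisions.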