I've noticed that many many installers like to run as with administrator privelages (root) that do NOT need to. Take MS Office for example; the last thing that I want them to do is have unlimited access to my machine, not to mention that there is no reason that it needs it. Also, the new Stuffit installs an unstable KEXT, which it does not notify the user about, which it could not do without root privs. Here is my solution: Make the authentication framework used by these malicious installers unable to launch as root!
It's actually quite simple and will NOT damage any Apple-supplied applications, nor Apple's Installer.app. Disable the SUID bit on /System -> Library -> CoreServices -> AuthorizationTrampoline. To do this simply type (in the Terminal):
% sudo chmod u-s /System/Library/CoreServices/AuthorizationTrampolineYou will be asked for your admin password, but at least this time you will know what it's being used for!
Mac OS X Hints
http://hints.macworld.com/article.php?story=20031116233818829