You keep on saying that there's some difference between Vista and Win7 in this regard. There isn't.
There are ways to get around the security prompts in Vista just like there are ways of getting around the security prompts in Win7. That's why UAC+IL isn't a security boundary. If there were no way of getting past the security prompts, it would be a security
UAC+IL is a DiD feature like ASLR and DEP, but unlike ASLR and DEP it's a "break once, break forever" feature - once it's broken, cookbook solutions will come out for malware and they'll all start auto-elevating.