I'm currently using an AutoHotKey script compiled with encryption option for launching apps with different credentials, something like:
if %1% = "Restricted"
RunAs, %2%, pass
else if %1% = "Admin"
RunAs, %2%, adminPass
else if ...
But for example, when I want to run uTorrent with a very restricted account ( only read/write rights to its own folder ), I have to manually edit in PowerPro a new entry with COMPILED_SCRIPT.EXE as the program and "restricted D:\bin\uTorrent\..." as arguments.
So it's very boring to add new entries under special accounts. For Process Explorer or AutoRuns I have the same for the admin account.
Launcher like PStart has an Run as... option, but you have to type the password all the time.
I agree that if the pass is decrypted at memory it wouldn't be very difficult to capture it, but not so easy like calling SetWindowsHookEx() and capture the keys.