True enough. But seriously... If the computer's going to get compromised there, anything goes, so whether or not your program is in AppData or wherever just doesn't matter anymore. Hosed is hosed.
Not sure I agree, the whole point of UAC is that prior to you clicking yes and elevating a process your computer is not compromised. In reality UAC is not 100%, especially on the default Win7 settings. Nonetheless placing EXE's outside the protected folders is just plain careless to me, you are actively circumventing one level of a users protection and saying it's done for their