Don Park's visual spoofing demo shows how easy it is to fool even experienced eyes on the web. And I have no idea how to fix it (though possibly they should have a miniature menu/button bar instead of allowing windows without navigation elements).
Reminds me of research a friend of mine was doing 12 years ago on multi-level security interfaces for the NSA. The short answer was that its much more difficult than you would expect to prevent a rogue window from claiming its at a given security level. Their approach was segmenting the color space (you need large segments since similar colors are hard to distinguish). Perhaps something similar could be done here.