The fact that any application can spoof the os password prompt makes me wonder why they don't have a prominent feature to show the prompt is from the OS. On windows there is the secure desktop with the dimming effect.
It's not spoofing the prompt. The prompt is OS X native, DB is basically telling the OS "Hey I need root", the OS displays the prompt, and grants root access to DB. So it is a system prompt