No, we've all got to deal with them. We mostly all cave.
That is the mistake. Form-based login screens should never have become acceptable. There can be never be a trusted UI, if the password UI is a webpage (even with flash disabled, even with content restriction ).
It is just broken. It is a good paper and a very pragamtic one,too. He outline many half-way approaches one could take.
In a related vein. I think the ECP profile for SAML would be interesting in the browser. I'd like to see that happen. When it does I hope they build in a trusted visual path element.