Much like an existing website a UIML application may perform a transaction or a duty containing sensitive user information requiring a login first. If you emulate the application you will have the ability to know when the user has logged in and once you can identify this, perform whatever duty it is that you want to do. While writing this news entry a paper came to my attention discussing backdooring Ajax applications that was released during the CCC conference. Be sure to check it out.
Here are some sample UIML applications so you have an idea of exactly what I'm talking about.
XUL: http://www.faser.net/mab/chrome/content/mab.xul (Mozilla Only)
WPF/XBAP: http://www.mobiform.com/demos/paintfactory/WebPaintFactory.xbap (.NET 3.0 Beta must be installed!)(IE Only)
WPF/XBAP/XAML: http://scorbs.com/workapps/woodgrove/Finance.xaml (.NET 3.0 Beta must be installed!)(IE Only)
WPF/XBAP : http://scorbs.com/workapps/woodgrove/FinanceApplication.xbap (Same req as above)