Long time ago, I read a blog about how the user must absolutely trust the dialog boxes for Ctrl+Alt+Delete and Adminstrator passwords and why they were tricky to get right..

Then I hear that now ctrl alt delete is a webview. Its difficult to believe. Do you have a reference?

the thing you need to trust is that pressing that combination shows the legit OS stuff, that it can't be intercepted (Secure Attention Key).

how the OS implements what is displayed is irrelevant

windows has all kinds of virtualizations today, it can literally run web views in separate (invisible) VMs for security purposes