I've thought about this some more, and I think it's reasonable we can making knowing a valid database username+password function as an "installer login".

We'd make these changes...

1) Change the DB details probing that we do by looking for an existing Composr install / third party forum install. We never autofill the DB password from the probing, but rather we make the database password field required if we probed successfully and found the password was not blank (this stops users submitting the form thinking the probe is autofilling all the DB details).
2) We won't allow any step after DB credentials are taken to happen without a valid DB connection being established first.
3) The above doesn't happen by DB details saved into _config.php anymore, but rather through DB connection details relayed through the steps as hidden inputs (POST parameters)
4) Disable the XML DB driver if no .git directory is present (because this doesn't require DB credentials, and we are assuming dev machines aren't just connected to the public Internet)
5) Disable using the DB root user if no .git directory present (root user is any of the DB driver's output of default_user()) (because it is common to have a root user with a blank password on a machine, and we don't want bots to be able to guess that unless we really are a dev machine in which case we can assume a higher level of dev responsibility)