You need to be an administrator, but you do not need to be root. This exploit lets you start from an administrator account for which you don't have a password (but have gained access to through other means, like exploiting an app run by an administrator user) and then leverage that into root access, something that normally requires the password for the account.

You can actually prevent the exploit from working by locking the "date and time" tab of the system preferences. The exploit will then cause the usual password popup to appear. (On 10.6 at least.)