According to reflector, the System.Diagnostics.StopWatch class uses DateTime.UtcNow when a high resolution timer is not available. This means that a user can control the elapsed time by editing their system time.
This issue makes the stop watch class an insecure method of measuring elapsed time. A user can even make the elapsed time negative, which could trigger serious bugs because developers are unlikely to consider that case!
One potential solution is to fallback to Environment.TickCount instead of DateTime.UtcNow.
This bug may be present in other places in the framework. Anywhere multiple queries to the system time are operated upon.