Addendum (also, this problem is not just bad because of the password hash exposure):
You could argue that brute forcing passwords is not the most common approach. For example, harvesting a million accounts and walking away with the passwords that can be cracked through an efficient "smart dictionary" attack, and abandoning the other ones, is probably bar far the most common harvesting strategy.
It's sort of like putting a club on your car.. It's not that they can't steal your car... but there's an easy to steal one next to yours.
So having a hash+salt with SHA-512, and a secure password? If you have a cryptographically strong password, this is a low severity aspect of the problem. The other issue is being able to use the same dscl subsystem to *change* passwords, under certain circumstances, without using credentials. If you can change the logged-in user's password, su to them, sudo /bin/sh, and then reinstall the old salt/hash into the compromised account, you can effectively root the box without damaging the target user's credentials.