If an intruder gets physical access to a computer, they can easily gain access to the information stored on the computer. Methods range from simply tucking the computer under their arm and walking off with it to collect the data at leisure, to using a 'rescue disk' or some other method of starting the computer with no passwords, to removing the hard drive and starting it on their own computer, with full access to the information stored on the drive.
Most operating systems have some method of starting the computer with no passwords - this is intentional, because most organisations will lose or forget a critical password at some time. This can only be done when physically at the computer, however - the operating system designers rely on the user being aware of this fact, and securing the computer room.
There are methods, in most operating systems, of disabling the 'no password' start - if you choose to implement them, be extremely careful and document the passwords well. But secure the copy of the passwords.