TIL: How easy it is to hack Windows.

Found this on a friend's site (which I recommend you read as he posts some great sys admin tips and tricks!)

We watched it, then tried it out, and it worked. It takes about 2 minutes to change the password on an account and gain access to any Windows computer.

The basic steps:

  1. When your computer is booting, reset it during the splash screen
  2. The prompt to repair appears; during the repair there is an option to show the details in Notepad.exe
  3. You can use its Open/Save dialog to rename your sethc.exe (sticky keys) and replace it with a copy of cmd.exe
  4. Reboot
  5. On the login, hit shift 5 times, and get a cmd.exe window
  6. Use the 'net' commands to reset a local admin password
  7. Login and profit.

It's way way way too easy.  Looks like the only way to secure your machine is to encrypt the entire drive so a password is required just to start the boot process.
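To check a machine for the swap described in step 3, and for the drive-encryption mitigation, here is an added PowerShell example (not from the original post or the video). It assumes Windows is installed under `$env:SystemRoot` and that the drive encryption in use is BitLocker, which the post does not name.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
$sys32 = Join-Path $env:SystemRoot 'System32'
$sethc = Join-Path $sys32 'sethc.exe'
$cmd   = Join-Path $sys32 'cmd.exe'
$findings = New-Object System.Collections.Generic.List[string]

if (-not (Test-Path -LiteralPath $sethc)) {
    $findings.Add("sethc.exe is missing from $sys32")
} else {
    # A straight copy of cmd.exe has the same SHA-256 as cmd.exe.
    $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -LiteralPath $cmd   -Algorithm SHA256).Hash
    if ($sethcHash -eq $cmdHash) {
        $findings.Add('sethc.exe is byte-identical to cmd.exe')
    }
    # The version resource travels with the file when it is renamed or copied.
    # Some builds report "sethc.exe.mui", so match on the prefix only.
    $orig = (Get-Item -LiteralPath $sethc).VersionInfo.OriginalFilename
    if ($orig -notmatch '^sethc\.exe') {
        $findings.Add("sethc.exe reports OriginalFilename '$orig'")
    }
}

# Step 3 renames the real sethc.exe rather than deleting it, so look for it
# under another name in the same directory.
Get-ChildItem -LiteralPath $sys32 -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'sethc.exe' -and
                   $_.VersionInfo.OriginalFilename -match '^sethc\.exe' } |
    ForEach-Object { $findings.Add("Renamed copy of sethc.exe found: $($_.FullName)") }

# Mitigation check (assumes BitLocker). A TpmPin or Password protector means a
# secret must be entered before Windows starts to boot; Tpm alone does not.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $protectors = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
    "BitLocker on $($env:SystemDrive): $($vol.ProtectionStatus) (key protectors: $protectors)"
} else {
    'Get-BitLockerVolume is not available on this system'
}

if ($findings.Count -eq 0) { 'No sign of a sethc.exe swap' } else { $findings }
```

The hash comparison only catches an unmodified copy of the `cmd.exe` currently on disk; the `OriginalFilename` check covers the case where `cmd.exe` has since been updated.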

Written on February 28, 2014