Know anyone who runs in the administrative account of a PC? Lots. Well, if they are running MacOS X 10.7 they are as good as dead. A stranger can change their password, locking them out and gaining administrative access. No kidding. Amazing. Even if the user is not running with a high privilege a stranger can still get the hashed password and crack it or change it.
I wonder how long it will take Apple to patch that one? I am sure there is a story in there about not changing what works but Apple changed how authentication works and it’s all falling apart.