Bosses are stupid and make idiot decisions to save money.
Whaa? Well, I would hope someone running some sort of small business with employees at hand wouldn't be an "idiot". Or, that they'd realize there could be financial losses through a poorly setup network

Raelynn,
is that employee in charge of the network itself? I'm not fully sure I understand....
is the "main" computer, the computer you use? It's possible he set a "domain password".

1.) It doesen't really depend on the same password, but the same "User". This depends on the Operating System you're running (i.e. Windows, Linux..). If it's "Windows" and something like "Remote Desktop" was being used, I don't believe it allows two of the same users to be logged in at same time.

2.) I'm not sure if I understand this question fully. If you're asking whether a home computer is connected with that computer at all times, I'd say not likely. What he probably does is write down the computers IP address (the unique number you need in order to connect to), leave the "main" computer on with some sort of "Remote Connection" program running, get on their computer at home and enter that unique IP.

3.) Not likely.

4.) Every bit of information that your computer sends out, and gets from the web has to go through the network's "router" first. It is possible to monitor the information flow (i.e. Websites you visit..) from the router, but this depends solely on the morality of your network administrator. "PayPal" is pretty secure prevention of this happening, so you shouldn't have to worry too much of this.

I hope I was able to provide some useful information to ya, and please do feel free to ask more questions!