I'm going to throw my 0.02 at this conversation:

well, actually this is what's known as "single user mode". All linux systems have this "feature". It allows the administrator to rescue a system if there's catastrophic problem.

Since OSX is a BSD system, basically a unix it also has this feature... Solaris, OpenBSD, FreeBSD, Linux, HP-UX,... all have this feature.

windows does NOT have this feature, therefore whenever your filesystem crashes, or your passwords get mangled and you aren't able to login, you have to resort to using boot disks to maybe beable to fix your problems, or buy tools that give you the abilities to access your system or change your passwords.

The only real way to stop it is to remove physical access to the machine.

just an FYI..
It sounds like a good thing to have if something goes wrong with the system... But isn't it just asking for disaster? As you said, the only real way to stop it is to remove physical access to the machine. But doesn't that sort of defeat the purpose if it's meant to be used by people at all?

For example, in my school a lot of teachers have Macs in their classrooms. Unless they've disabled this 'feature' using the method lumpyporridge mentioned (which I highly doubt as most of them are computer-illiterate), anyone who knew about this could wreak havoc. Especially if they are connected to the network. I think most of them are.

IMO, it sounds like a path to disaster. But I've probably used a Mac about 2 times in my life... So I don't really know. Maybe I'm missing something here.

mjk