Originally Posted by PB
OK but should it be possible for a simple user to change passwords, even with physical access to the machine? I say no, for such operations always an admin password should be required, at the very least.
It certainly should be fixed to how it was before but it doesn't matter all that much because you can simply reboot, hold command-s and you are the root user (higher than admin) and you can do whatever you want. This has always been the case.
It's far more likely that a user will need to gain control over their machine than protect against a local user abusing accounts. If you don't trust someone on a shared machine, you wouldn't give them access at all. If you need to secure your data, you have to use encryption.