Comment 1 for bug 401503

No computer is secure when the intruder has physical access to the computer, therefore this is not something we actively attempt to control in our default installation; however we do provide options to allow you to secure against it as much as is possible.

Physical access means that the hard drive can be removed, and mounted into another machine to retrieve the data. In order to work around this, you would need to encrypt your filesystem (you can set this up from the alternate installer).

Encrypting your filesystem requires that a passphrase be entered during boot, whether or not the init system is bypassed or the computer booted into single-user mode.

It would also be recommended that you encrypt your swap partition so that forensic debugging cannot be used to obtain data from paged virtual memory.

Securing the boot loader itself, or the system options permitted, is pointless because the user can simply insert a different bootable disk with an alternate boot loader to boot the system however they want. Indeed the Ubuntu Live CD would permit this, no special "kits" are required.

Securing the BIOS would not prevent the data being retrieved by removing the hard drive.