This is neither a flaw nor news. Any unencrypted volume on any system is subject to being read if the volume is mounted elsewhere.
Additionally, this requires physical access to and control of the machine. As anyone in security will tell you, when someone has physical control of a machine, all bets are off.
Then what is the point of having a password on your machine if anyone can access your files? On university campuses there are numerous laptop thefts every year and it seems like there should be some sort of protection against this. Why not request the password through the terminal?
Like Steffan said, this is old news. If it's easy for people to get physical access to your machine - which is the case for a laptop - then you should encrypt the disk. I don't know the reasons why Apple doesn't do this by default (legacy? performance?) but they don't.
I see. Well this is useful to know so thank you both! It still concerns me because I have some friends who have had their devices stolen with sensitive information and as I try and learn more about computing it's becoming clearer to me that everyone should encrypt EVERYTHING that is sensitive.
Thanks to the both of you!
Additionally, this requires physical access to and control of the machine. As anyone in security will tell you, when someone has physical control of a machine, all bets are off.