[knux]

Unless the Mac has a firmware password. You could just remove that by resetting the PRAM, unless you wanted to go undetected. In that case, you could remove the hard drive, mount it elsewhere, and change the password hash. Is FileVault plus a firmware password the only safe way to keep your Mac?

[ryannielsen]

FileVault by itself is sufficient, at least with Lion. Even if you're able to boot the machine or mount the HD, you'll need the user's original password to decrypt the data. The Password Reset app is useless until you first unlock the encrypted drive.

(I'm pretty sure that pre-Lion's FileVault is in the same case, where you'll still need the user's old password to decrypt their home directory's encrypted dmg, but I'm not 100% certain.)