if they don't have the password they're not gonna get anything
more or less than if they know the password to Filevault.
That's not really true: you can remove the disk from the notebook
and mount it from another computer, regardless of the password
protection on the notebook (eg, OF/EFI password, user accounts).
Second that:
To crack Open Firmware Protection just remove physical memory - the
PW will be gone.
To read data from a non-encrypted hard drive, start-up the laptop (or
the iMac or any Apple computer for that matter) in Target Disk Mode
and set Finder to ignore permissions.
To read a non-encrypted hard drive from any computer runnning any OS,
connect it to a device you can mount on your machine. For starters,
an IDE device: http://www.granitedigital.com/catalog/
pg19_firewirebridgeboards.htm
In other words: If I have physical access to your machine, only
encryption will keep me from reading (or writing to) your data.
Whether you need encryption or not is up to your policy.
Then again, encryption needs evaluation - FileVault is good, but PGP
can be better if configured properly.
