BIOS' could still have their passwords reset by FLASHing the chip and resetting it back to default. This can be done by booting up using a Bootable Floppy or CD-ROM with the BIOS flash on it then launching the program. (Mike the CMOS battery trick still works too.)

As for gaining access to the Administrator account. I wont go into details but you can aquire the password hash for user accounts by booting up using a on-the-fly CD such as various versions of linux and aquiring the file containing the hash (whilst in windows this file is hidden from view and *******). To keep your own account secure, Id recommend using (like its said so many times) a hard to guess alphanumeric password with at least 8 characters and * special character.

That and keeping it secret is your only real security if the guy knows what he's doing.