While I generally agree (even though it's locked doors all the way up for me and there are even easier ways I could compromise machines), it's foolish to disregard remote code execution vulnerabilities just because physical access is not secured.
Oh, I certainly agree. But I only agree because my threat model includes adversaries other than malicious coworkers; particularly, it includes innocent coworkers with malware-infected workstations.
By the way, ten minutes I wrote the grandparent to this comment, a coworker IMed me and asked me to break into his workstation :-). He was working remotely, trying to SSH in, his system had gotten wedged due to what turned out to be disk errors, and he needed me to rescue it.
