LFDE/2FA
> ...you can lean over and hit the power button on the front, reboot with only a bash shell as you kernel, remount the filesystem input/output, and reset the root password.
Ummm... Not quite. The "bash shell" is not a kernel; it does not provide access to any core, system-level functionality on its own. It requires at least a very minimal kernel to be loaded and running first, before it can do its thing.
> In fact, thinking about it, if you had physical access to the machine, and wanted to cause it harm, you could just hit it with a big axe.
Probably. Unfortunately, most people who would go through the trouble of obtaining physical access to the machine would probably find it to be a much more valuable item in working condition.
But yes, in principal, the kind of attack you describe will work, provided the mass storage device(s) used by the target machine isn't (aren't) encrypted.
However, a hardware keystroke logger interposed between the target machine's keyboard and the machine itself can easily help you get around the encryption issue.
Which is why I recommend that anyone who uses the latest Ubuntu-flavoured versions of GNU/Linux follow the instructions presented here:
-- Ubuntu Lucid Lynx 10.04 Full Disk Encryption with USB Key Authentication
-- http://lfde.org/wiki/index.php/Ubuntu_Lucid_Lynx_10.04_Full_Disk_Encryption_with_USB_Key_Authentication
... especially for laptop users (no warranties expressed or implied, and I didn't write the article at the link provided above), and periodically check your keyboards/mice to make sure they aren't being sniffed in some way.