Re: @Success Case (was: Apple's variation of BSD ...)
I expect you are referring to the single user mode password reset use-case allowing someone with physical access to the machine and who knows how to access single user mode to reset a forgotten password - but only if the disk is not encrypted.
It's a deliberate use-case and is a policy trade-off between ease of use and security with a more secure option (disk encryption) available for those who need it.
I happen to agree it's not the best policy choice, but Apple disagree and deliberately configure OSX this way. They are in effect saying all the while a disk is unencrypted and someone with ill-intent has physical access, you already have one open door onto the machine, so allowing a second door makes no difference and it is positively helpful if users who have forgotten their passwords can get them reset them (also the password must be changed which presents a soft social barrier to more casual "family", or "staff" member compromise because it will be clear to the user password has been reset).
If you are someone who worries about security and physical machine access, you can switch on disk encryption in which case neither single user mode password reset nor direct access to unencrypted data on the disk drive are possible.
Evidently the policy isn't causing real-world problems and will undoubtedly be solving quite a few lost password user headaches also, so though I happen to agree it's the wrong policy, it seems, on a practical level to be working.