True, but anyone that can gain privileged access to the computer is already king of the castle. Why attack it offline when you can just keylog it? I think it goes back to being one part of an overall security posture. Encrypt your workstations and people can't just pick them up and own them.
