That's exactly what I worry about with them. Leaving it logged in like they do leaves it open to exploits. And I'm not talking about logging out every time you go to the bathroom or eat dinner - They leave it logged in literally all the time and leave it on 24/7. It's just asking for trouble.
Some asshole above said something about me being paranoid about "ninjas breaking in and stealing their data." Not hardly. But having an admin user logged into a machine 24/7 is, by default, a security hole, that needs to be fixed.
Even a lot of their non-security issues would be solved by separate user accounts, so that they could have individual bookmarks, email client configs, etc.