MAC address lockdown is practically useless on its own (see: ARP poisoning attacks & DHCP spoofing), not to mention completely unscalable.
Network isolation & good firewall rules at the demarcs are important, but they aren't a panacea.
slacka is correct: protecting networks after a physical intrusion has occurred is very difficult or impossible.
802.1X can help when it comes to the scalability of port authentication, and DHCP snooping and dynamic ARP inspection can both help in securing networks against ARP poisoning & DHCP manipulation, but they still leave some holes open.
802.1AE ("MACsec") theoretically mitigates a whole lot of attacks, but it's difficult to deploy to end-user devices. Want to attack a MACsec-protected network? Just look for the nearest printer which likely doesn't support MACsec and has an exception configged for its switch port.
This doesn't even begin to address hardware keyboard loggers, cameras, or TEMPEST attacks, all of which are perfectly capable of grabbing up user credentials.
1) Security requires a defense-in-depth approach, and physical security is an important part of that defense.
2) No matter how smart I may think I am, there's usually someone smarter who can think up some attack I haven't.
3) The more security you have, the more capex, maintenance and failures you have to deal with -- it's always a balancing act.
More on topic though... as others have said, dumb article with no new revelations....