Why is this post marked informative? It's wrong; and it's wrong in a critical way as far as I can tell. The video shows the password extract being done immediately on reboot, NOT after the user types in his password. The password was entered later just to demonstrate that the correct password was extracted.
So pretty much, yeah, the OP was actually correct his in concern. Walk away from the laptop, someone swoops in, reboots, grabs your password and the deed is done.