having your bootloader set to "prompt" you is a major security risk...
BOOT ACCESS IS ROOT ACCESS...
so unless you want to give ANYBODY that uses your box the power to do ANYTHING to it, it's recommended that you disable any "boot prompts" you might be getting from your bootloader...
then you know the only way to circumvent the system is to boot the box from a cd (rescue, knoppix, or whatever)...
but of course you configured your bios (and password protected it) to ONLY boot from the hard disk...
so now the only thing a malicious user (that wants to secretly OWN your box) would have left to do is to bust-out a screwdriver to open your case and reset the jumper to clear the bios configuration and it's password so he or she can then boot the cd...
but of course by then the SWAT team would already have the whole place surrounded and illuminated with green laser beams...
# You can set a password here, and uncomment the `restricted' lines
# in the image definitions below to make it so that a password must
# be typed to boot anything but a default configuration. If a
# command line is given, other than one specified by an `append'
# statement in `lilo.conf', the password will be required, but a
# standard default boot will not require one.
# This will, for instance, prevent anyone with access to the
# console from booting with something like `Linux init=/bin/sh',
# and thus becoming `root' without proper authorization.
# Note that if you really need this type of security, you will
# likely also want to use `install-mbr' to reconfigure the MBR
# program, as well as set up your BIOS to disallow booting from
# removable disk or CD-ROM, then put a password on getting into the
# BIOS configuration as well. Please RTFM `install-mbr(8)'.