This is normal operation and in some ways a convenience.
The first rule to ANY computer security is to restrict physical access to the machine unless there is no other choice. If it's a public machine:
1. Remove/secure the CD drive so they can't load programs
2. Remove/secure the floppy drive so they can't load programs
3. Cover/Lock the front panel so they can't press reset
4. Cover/Lock the front panel so they can't press power
5. Secure the power cord so they can't yank it
6. Secure the case so they can't open it
7. Cover/secure the USB ports so they can't load programs
8. Cover/secure the serial ports so they can't load programs
9. Cover/secure the parallel port so they can't load programs
You get the idea. I don't care what computer or OS it is, you give me unrestricted physical access to the machine, and I WILL have the whole cookie jar
So you need to lock that machine in a room or secure it from physical tampering in some way if you think there is a chance that someone you don't want to mess with the machine gets to it.