It's only unsafe if the attacker is sitting in front of the machine; physical access trumps any and all security you place on a machine anyway, so don't sweat it. Yes, you can set a GRUB password, but that is only a relatively minor deterrent to a determined attacker who has stolen your machine.
ALL Linux machines have a recovery mode; whether or not it was conveniently placed in the GRUB menu is the only difference.
It's called single user mode and can be accessed by manually (temporarily) appending the word 'Single' to the end of the kernel line of the GRUB entry at boot, or, if worst comes to worst, adding
instead of single then at the prompt typing
or if that doesn't even work, boot to live media
Code:
# mkdir /rescue
# mount /dev/sda1 /rescue
# for dir in {proc,sys,dev}
> do
> mount --bind /$dir /rescue/$dir
> done
# chroot /rescue
replacing sda1 with your root volume.
This creates an environment in which you have root control over your installed system and, if it works, can fix a non-bootable system as a last resort before having to re-install.
The above methods are exactly why physical access trumps any security.
So again, in answer to your query, there is always a recovery mode of some nature available on any Linux system, even if it isn't conveniently stuck in the boot menu for you.
Even modern Macs, which are a BSD userspace on a Mach microkernel, have single user mode; not sure if they have chroot, but that's off topic.
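For anyone who does want the GRUB password mentioned above, here is an added example (not part of the original post) that audits a grub.cfg for the settings that decide who can edit the kernel line or boot a single-user entry. The function name, finding labels and sample configs are constructed for illustration; `superusers`, `password_pbkdf2` and `--unrestricted` are GRUB's own directives.

```shell
#!/bin/sh
# Constructed sample grub.cfg fragments (not taken from any real system).
sample_weak='menuentry "Linux" {
    linux /vmlinuz root=/dev/sda1 ro
}
menuentry "Linux (recovery mode)" {
    linux /vmlinuz root=/dev/sda1 ro single
}'

sample_locked='set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.CONSTRUCTED-PLACEHOLDER
menuentry "Linux" --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro
}
menuentry "Linux (recovery mode)" {
    linux /vmlinuz root=/dev/sda1 ro single
}'

# audit_grub CONFIG_TEXT
# Prints one finding per line, or "ok" when the menu is password protected
# and no single-user entry is bootable without the password.
audit_grub() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*set[ \t]+superusers=/ { su = 1 }      # menu editing is restricted
        /^[ \t]*password_pbkdf2[ \t]/ { hashed = 1 }  # hashed password present
        /^[ \t]*password[ \t]/        { plain = 1 }   # clear-text password in the file
        # Remember whether the current entry may be booted without a password.
        /^[ \t]*menuentry[ \t]/       { unres = ($0 ~ /--unrestricted/) }
        # A kernel line that already ends up in single user mode.
        /^[ \t]*linux[ \t]/ && tolower($0) ~ / single( |$)/ {
            if (unres) rescue_open = 1
        }
        END {
            if (!su)                     print "editable-by-anyone"
            if (su && !hashed && !plain) print "superusers-without-password"
            if (plain)                   print "plaintext-password"
            if (su && rescue_open)       print "unrestricted-single-user-entry"
            if (su && hashed && !plain && !rescue_open) print "ok"
        }'
}

audit_grub "$sample_weak"
audit_grub "$sample_locked"
```

An "ok" result only covers the boot menu; it says nothing about booting live media and using the chroot steps above.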