if any user goes to the terminal and does sudo -s and when prompted for a password enters their OWN password they have gained root access. For some reason Apple decided it would be nice to include ALL:ALL in the sudoers file by default. This is a HUGE security hole so you all might want to look into locking down your sudoers file. If a user issue's passwd after doing sudo -s they will change ROOT's password. You all better check this out.