Yeah like said before. That can be worked around. You can install an OS without needing the bios password as long as the optical drive is set to a boot device prior to the hard drive.
What would be sweet is a hard drive encryption program such as true crypt or something like that set to encrypt the drive at your command, only making it accessable to them if they bring it in to have the decrypted… but… then again you would only have to re-install OS over the encrypted drive if it doesn’t have CMOS security.
Tough one to do on a non large programming project scale. Let me know how it turns out!