If Lenovo were serious about security they would encourage such discussion and exploration to improve their product. Of course this is Lenovo we are talking about, the company that thought Superfish would be a super idea!
On the other hand, as evidenced by a few other comments here, there are probably quite a few who don't want the security "improved" Apple-style, to the point that losing the password really means it's impossible to recover from.
Note that this password only allows access to BIOS and being able to boot; if the HDD also has a password and/or is encrypted, this doesn't really affect security of data.
That is the trade off though. If you want a secure device you need to accept the risks that if you forget the passphrase you are fucked. A false sense of security isn't a good thing.
Correct. The HD password is a little closer to real security.
My motivation here is the same as most people buying old Thinkpads off eBay-- getting past the SVP on machines with a dead CMOS battery. I don't give a fig about any data on the hard drive :-)
