Nah, resetting windows password in under 10 minutes is a breeze for anyone that can use google and has physical access to the machine (and trust me, I had to unlock so much computers for guys that had lost their passwords and had no password reset disk). The risk is about malware, a catch-all name for evil programs that you may download (or come to your machine in shady ways. If you are an admin they have full access to anything.
Such evil programs can steal data or cause havok in your system, but the more common just use your computer (and connection) as a drone to launch hacking attacks or redirect less-than-legal traffic.
They are the electronic version of "stolen cars used for a robbery".
Again, antivirus should be able to keep them in check, but if the account isn't an admin and the admin has a strong-ish password, you just closed a pretty obvious attack vector.