If it's a laptop, the most probable account compromise is someone actually getting physical access to the machine. At which point it's game over, they have the hard drive, they have access to everything (except extremely well encrypted data, I guess - and there will probably be none of that).
sudo then if their user account is compromised then only a subset of commands are available.
So that's not a "real" risk :-) Theft is a real risk.
If your newbie wants to become more advanced, sudo is a better mechanism to explore than "su -" is ...
-jim
