When you visit a site that requires a user ID and password, sometimes Internet Explorer will ask if you want to save the information. The saved user ID/password pairs are stored in the Registry under a key whose default permission settings make it inaccessible to all users, even the user to whom the passwords belong. Only the system itself has direct permission to read and change Registry data under this key. Using RegEdit you could modify the permissions on that key and read its contents, but doing so still wouldn't reveal anything useful, as the data is thoroughly encrypted.
On the other hand, once you've logged on to your account in Windows, all of your saved passwords can be utilized by anybody who has physical access to the computer. That person can't learn what the password is, but can use it to log on automatically to any sites you have passwords saved for. If you allow Windows to save passwords for you, you should password protect Windows and always log off when you leave your computer.
