Short form: on today's machines, if someone gets physical access, you're owned. Not much more to say except that with the kind of features vendors insist on embedding in the systems, you can easily be owned without physical access -- see the recent Black Hat articles, and I'm not naming names so I don't get fired. If the colo is doing their job, and they'd better be!, then physical access is not an issue because it won't happen, or, when it does happen, the people are trusted and won't mess with your box.
9grid.net has been at, first, UNM computing center for 2 years and, second, at LBL for 2 years. In all the time, there have been no issues. The people at those places are trusted. If colo staff can't own it by physical access then you've solved a hard problem and might want to start selling it. In that case, you need hardly worry about trusting your colo, so put it there anyway. Screensaver + password seems rather quaint in light of these realities. ron
