Bypassing the bios password is as simple as taking the case off and shorting a pin to reset the bios to defaults. I did this in high school to gain access to the computer lab without authorization, but never got caught. If I was in high school and did something like that now I'd be a federal felon.
NT passwords are no different. I can change the NT/Win2K admin password with nothing more than a floppy disk. If they've got physical access to the machine then none of the countermeasures you've enabled will keep them out if they're determined. With that being said, they probably don't know about the things I just talked about, so you'll probably be safe with a BIOS password.
In Win98 you can also just set a screensaver password and make sure you set off the screensaver when you leave. Of course, then they can just shut down the computer, or in some cases hit ctrl-alt-delete to bring up the task manager and kill the screensaver. Microsoft fixed this bug, but there are a lot of people that don't have it installed.
God Bless Texas