EFS requires certain file systems, policies, and certificates to work. If you think about it, I'm sure you can figure out many ways to break it.
For example, the backup utility can be used to copy a file from an NTFS partition to a FAT/FAT32 partition. When you back up the file, it is automatically decrypted and copied to the new location in plain text. Windows only requires NTFS permissions to decide who can back up and restore.
Any user (no, it doesn't have to be the domain admin) that has been granted the appropriate permissions within AD to change a GPO can edit who is the default recovery agent in a domain.
If someone with GPO admin rights edits the GPO for EFS, they can reverse any encryption already in place and prevent any future files from being encrypted.
Then there is the fact that EFS requires a certificate to decrypt the DDF/DRF. If you have an enterprise CA, you could be granting recovery agent certificates without knowing it.
There were a few more, but off the top of my head, I can't remember them.
Oh yeah, don't forget about a stand-alone workstation running 2000 Professional and using EFS. There is no way to prevent someone from trying to make the workstation join a domain. When it joins a domain, it now uses the domain EFS policies and recovery agents.
Basically, Microsoft requires that you COMPLETELY understand NTFS permissions, Group Policies, and Certificates, as well as physical security of certain PCs. All of the above must be strictly adhered to for EFS to work with any degree of reliability. However, I have yet to see any business that has been 100% on all aspects of security. It simply makes administration too difficult for most enterprises.