Changing the autoboot password works; however, I have noticed the autoboot.ini file is available for viewing by all users in the [app]\boot folder. Is there any way to lock down this folder or secure the file so no user will open the file and still have the password changed?
To me this is a huge security issue if I change the password but it's viewable by any user on the machine.
It's not possible to hide this at all, but also it's not really a big security hole; certainly it's tiny compared to the hole created by using AutoBoot in the first place.
If you use an auto-boot style mode, the encryption key for the drive is stored on the machine as well (this is true regardless of whose product you use), so in autoboot mode there's no real security at all. Changing the password is just annoying; it doesn't really make things any more secure in real terms. If you lose the machine you can't even claim the data was protected (as you lost the key alongside the data).
If I found your machine in autoboot mode, I could just use the classic FireWire attack and retrieve your data, or I could try any of the published network attacks and see if there was a patch missing. I could even just wait a month or two for a new network vulnerability to be discovered and use that to attack your machine. Without pre-boot authentication, there are a lot of easy ways in.
Saying that though of course, it all comes down to a risk analysis - It may be a perfectly rational business decision to use auto boot style protection and rely on the Windows login for security. That's a different discussion.