An attacker could take complete control of your system by booting from an external source. By booting from an external source (e.g. a live Linux CD) many of the security settings are bypassed. If the attacker can modify the GRUB settings they can boot into single user mode which allows admin access to the system.

Additional explaination and hardening can be found in Section 3.1.2, “BIOS and Boot Loader Security” of this guide.