Macworld Germany has noted that once a user has logged into FaceTime for Mac with his or her Apple ID, the password on the account can be changed from FaceTime without knowledge of the old password, leaving the account ripe for the picking by any passersby of the physical computer.
The sabotage of an Apple ID is as easy as navigating through FaceTime's preferences menu to the "View Account" page. Once there, whoever happens to be sitting at the computer can change the associated account password.
As long as the password satisfies all the security rules, the change instantly applies across the Apple ID account. For example, changing the password in FaceTime and subsequently accessing the iTunes Store will result in a prompt from iTunes to re-enter your password, and the old one will not work.
Signing out of FaceTime won't help, either—the program saves your password to the field, and there's no way to opt out of password memory. FaceTime will not let users delete the only e-mail address associated with the account, so if you've already signed up, you're kind of stuck.
If your account is hijacked, the worst-case scenario is your tormentor going on an iTunes Store shopping spree on your dime. If you're wise to the password change, you can flip the password back just as easily. Still, you might want to maintain constant vigilance until Apple releases some kind of hotfix. Especially if the office prankster asks if he can use your computer to FaceTime with his sick grandmother.