This is Deja Vu of an attack from years ago where RAM was accessed from the firewire buss. This study published back in Sept 2011 (that i am late to discover) revisits this attack on Lion. Security researchers from frameloss published the specifics on an attack and how to avoid it. Learn how your password could be extracted from your computer’s memory via your firewire port. Even when you thought it was locked! Even with FileVault!
Mostly you must turn off fast user switching, and activate a feature that dumps the password for added security. read all about it here. . .