OS X Lion contains an information disclosure vulnerability, which permits any user to access the password hashes of any other user on the system.
Apple OS X Lion
Information Disclosure This vulnerability allows any user on an OS X Lion system to access the password hashes of all other users on that system.
BeyondTrust Prevention and Detection:
Limit regular users' access to the dscl utility:
sudo chmod 100 /usr/bin/dscl