Anyone with physical access to the machine and enough time can get any files they want that aren't encrypted.
For a regular person? Depends on how much they know and how bad they want to see what you're hiding. A Windows NT/XP/2K password is good enough, just make sure you have the folders your files are in set up so that other user accounts can't read them (can't remember what it's called.)
If you really want to be safe, get some encryption. For encrypting files on a file-by-file basis, PGP is excellent and has a free version. This method can be terribly slow (for instance, if you want to encrypt an entire folder of, oh, say, honeymoon pictures--every time you want to look at them, you have to decrypt all of them.) But, it's also the most efficient in terms of disk usage, and has a Zip algorithm built in. Most files you encrypt will actually go down in size. PGP was also designed with communication in mind--it uses a private/public key method. Let's say you want to send those pictures to your wife--she can send you her public key, and you can encrypt them so that only you and her (or just her) can open them. She uses her own private key and password to open them, which means you don't ever need to share passwords to share a file.
Programs like TrueCrypt (free and open source) create a big container file that you can hide everything else in. The problem with this is, you have to kind of guess how much space you're going to need, and you can't add space later. So once you fill it up, you have to make another container. Containers are also "mounted" once decrypted, meaning instead of using them like a zip file, you go to My Computer and use a virtual hard drive.
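
Added example, not part of the original post and not PGP's own code: a toy Python sketch of the compress-then-encrypt, one-wrapped-key-per-recipient structure behind the PGP paragraph above. The textbook RSA on small fixed primes, the SHA-256 keystream and every name in it are assumptions chosen to keep it self-contained; it has no padding or integrity check and must not protect real files.

```python
import hashlib
import os
import zlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def keystream_xor(key, data):
    """Toy stream cipher (stand-in for a real one): XOR with SHA-256(key || offset)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(plaintext, recipients):
    """Compress, encrypt once with a random session key, wrap that key per recipient."""
    session_key = os.urandom(16)
    body = keystream_xor(session_key, zlib.compress(plaintext, 9))
    k = int.from_bytes(session_key, "big")
    wrapped = {name: pow(k, e, n) for name, (n, e) in recipients.items()}
    return {"wrapped_keys": wrapped, "body": body}

def decrypt(message, name, private_key):
    """Unwrap the session key with one recipient's private key, then decrypt."""
    n, d = private_key
    k = pow(message["wrapped_keys"][name], d, n)  # KeyError if not a recipient
    return zlib.decompress(keystream_xor(k.to_bytes(16, "big"), message["body"]))

# Constructed demo keys built from Mersenne primes (far too small for real use).
HER_PUB, HER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
MY_PUB, MY_PRIV = make_keypair(2**127 - 1, 2**61 - 1)
PHOTO = b"constructed sample data standing in for a picture " * 200

if __name__ == "__main__":
    msg = encrypt(PHOTO, {"her": HER_PUB, "me": MY_PUB})
    print("plaintext bytes:", len(PHOTO), "encrypted body bytes:", len(msg["body"]))
    print("she can open it:", decrypt(msg, "her", HER_PRIV) == PHOTO)
```

The body is stored once however many recipients there are; only the small wrapped session key is repeated, and no password is exchanged between the two sides.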