Defence in Depth: Cracking OS X Lion Passwords:

It appears in the redesign of OS X Lion’s authentication scheme a critical step has been overlooked. Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data.

To mitigate your exposure to this potential painful shortcoming, open a terminal and run the following command to force OSX to prompt for credentials (thus nullifying the threat)

sudo chmod 100 /usr/bin/dscl