If anyone who can access my computer -- by direct physical contact or remotely -- can disable a security application without knowing the password, that security application's self-defense is lessened by definition, IMHO. Contrast with it my firewall (Comodo) which cannot be disabled without the password. Contrast it with basic Windows functions monitored by UAC: the idea is you need the password.
You can make the argument that having access to my computer is the ultimate source of this vulnerability, but I would disagree: if you're going to offer password protection you should [at least have the option to] protect the entirety of the application's functionality (again, Windows UAC). At best the current state is halfway to that goal, and it seems a clear point of unauthorized access which is easily changed (again, Comodo).