Must have found that "backdoor" in the non-open part of the OS? ;)
I am just kidding.
What was the password, like "QWERTY7" or something that can easily be typed?
The only thing I can think of is that the 3 year old must have hit a "Single mode" key and it automatically booted into root single user mode? Something like Linux and *BSD have? It somehow automatically loged into the root account?
Usually I disable the root account and use a different account myself. I run each process as a different user with only access to what it is running. Like a "Web" user with access to the web files and nothing else, etc. That way if an exploit is run, they can only access what the process is using. Otherwise if everything is run as root, one exploit and they got root access.
I'm waiting for my 3 year old to hack into my Windows 2000 Server and IIS 5.0, I can't wait to see "This site cracked by James" on its home page. ;)