You probably have a regular login password for your Mac, which you type in when installing software or maybe even when you deactivate the screensaver. It’s fairly secure, but there are indeed ways around it.
If a malicious person with physical access to your Mac wants to get at your data, they can simply boot into a different mode, like Recovery Mode, Single User Mode or Verbose Mode. Or, they can boot your Mac using a USB drive and get around the password that way.
Setting a firmware password will add another, lower level of security to your Mac, and will make it so anyone who wants to boot into an alternate mode will need your second password. It’s fairly easy to enable, too..