Leaving the machine in hibernate is definitely not secure, a vulnerability has been found where the RAM still contains the key for the BitLocker (and others) in the hibernating memory. There is already a proof of concept attack out there for this vulnerability.

The method of attack is to quickly reboot the PC and read the contents of the RAM (which isn't lost when power is cut) then a program can search the dump for the key.

http://www.eweek.com/c/a/Security/Researchers-Crack-BitLocker-FileVault/

Microsoft may have already fixed this though.

p.s. normal password changing doesn't affect the encryption though, as the encrypted content isn't accessible without the correct password, so simple password changing boot disks aren't security risks.
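As an added example (not code from the thread, from Microsoft, or from the linked article), here is a read-only audit a defender can run in an elevated PowerShell session to see whether a host sits in the configuration the post above describes: hibernation enabled, and BitLocker volumes whose only key protector is the TPM, so the volume key is released into RAM at boot or on resume without any user secret. It assumes Windows 8 / Server 2012 or later (where the BitLocker module and `Get-BitLockerVolume` ship); the function name and the finding wording are my own.

```powershell
# Added example, not from the thread: audit hibernation state and BitLocker
# protector types. Run in an elevated PowerShell on Windows 8 / 2012 or later.

function Get-HibernateAndBitLockerAudit {
    # HibernateEnabled under the Power key is 1 when hibernation is turned on.
    $power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' `
                              -ErrorAction SilentlyContinue
    $hibernateOn = ($null -ne $power) -and ($power.HibernateEnabled -eq 1)

    $volumes = @()
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        foreach ($v in Get-BitLockerVolume) {
            $types = @($v.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
            # Protectors that pair the TPM with a user secret: the volume key is
            # not released into RAM until the PIN or startup key is supplied.
            $withSecret = @($types -match '^Tpm(Pin|StartupKey|PinStartupKey)$')
            $volumes += [pscustomobject]@{
                MountPoint       = $v.MountPoint
                ProtectionStatus = [string]$v.ProtectionStatus
                Protectors       = ($types -join ', ')
                TpmOnly          = ($types -contains 'Tpm') -and ($withSecret.Count -eq 0)
            }
        }
    }

    $findings = @()
    foreach ($vol in ($volumes | Where-Object { $_.TpmOnly })) {
        $findings += "Volume $($vol.MountPoint) unlocks with the TPM alone at boot and on " +
                     "resume from hibernation; require a PIN or startup key protector."
    }
    if ($hibernateOn -and $findings.Count -gt 0) {
        $findings += 'Hibernation is enabled on this host, so the TPM-only volumes above ' +
                     'auto-unlock on resume with nobody typing a secret.'
    }

    [pscustomobject]@{
        HibernateEnabled = $hibernateOn
        Volumes          = $volumes
        Findings         = $findings
    }
}

# Usage: run elevated, then inspect the per-volume table and the findings.
$audit = Get-HibernateAndBitLockerAudit
$audit.Volumes | Format-Table -AutoSize
$audit.Findings
```

The script changes nothing; it only reads the registry and the BitLocker volume objects. A volume whose `Protectors` column lists only `Tpm` (plus a `RecoveryPassword` escrow entry) is the case worth fixing, by adding a `TpmPin` or `TpmStartupKey` protector through `Add-BitLockerKeyProtector`.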


As was mentioned by workmad3, the best way to attack a machine that's locked without rebooting is to see how vulnerable it is from a network connection.

This will depend on the security policies in place on your network. For instance, do all domain accounts have administrative access to these PCs? If so, check the default share (\\pc-name\c$). If the default share has been turned on for any reason, you have access to the entire contents of the PC over the network with your own account. I'm not sure if this works with an encrypted hard drive, but it would be pretty easy to test.

Once you have access to the PC remotely, you can use tools like the Sysinternals PsExec tool to execute programs remotely.

Of course, that's just one vector of attack, and it might not even work with encrypted hard drives, but it gives you an idea of what could be done.

EDIT: If the laptops have an active FireWire port you could take a look at this vulnerability. Again, I don't know if this would help with an encrypted machine, since it's based on direct memory access (which should be encrypted).
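As an added example (not code from the thread or from Sysinternals), here is a read-only audit of the exposures the post above lists, written from the side of the person responsible for the laptops: whether the administrative shares are present, whether the local Administrators group contains broad domain groups (the "every domain account is an admin" case), whether local admin accounts keep full rights over the network, and whether an IEEE 1394 (FireWire) controller is present. It assumes an elevated PowerShell 5.1 or later session on a Windows 8 / Server 2012 or later host (for `Get-SmbShare`, `Get-LocalGroupMember` and `Get-PnpDevice`); the function name, the list of "broad" group names and the finding wording are my own choices.

```powershell
# Added example, not from the thread: audit remote administrative exposure
# on the local host. Run in an elevated PowerShell 5.1+ session.

function Get-RemoteAdminExposure {
    # LanmanServer: AutoShareWks / AutoShareServer = 0 suppresses the automatic
    # C$ and ADMIN$ shares; when the value is absent the shares are created.
    $lanman = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                               -ErrorAction SilentlyContinue
    $autoShareDisabled = ($null -ne $lanman) -and (($lanman.AutoShareWks -eq 0) -or ($lanman.AutoShareServer -eq 0))

    # Special = $true marks the administrative shares (C$, ADMIN$, IPC$).
    $adminShares = @(Get-SmbShare -ErrorAction SilentlyContinue |
        Where-Object { $_.Special } | Select-Object -ExpandProperty Name)

    # LocalAccountTokenFilterPolicy = 1 lets local administrator accounts use
    # their full token over the network; absent or 0 filters it (the default).
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
                               -ErrorAction SilentlyContinue
    $remoteLocalAdmin = ($null -ne $policy) -and ($policy.LocalAccountTokenFilterPolicy -eq 1)

    # Local Administrators membership; group entries such as "Domain Users" are
    # what turns every domain account into a local admin.
    $members = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue)
    $broadGroups = @($members | Where-Object {
        $_.ObjectClass -eq 'Group' -and $_.Name -match 'Domain Users|Authenticated Users|Everyone|\\Users$'
    } | Select-Object -ExpandProperty Name)

    # Present IEEE 1394 host controllers (setup class "1394", or a matching name).
    $fireWire = @(Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Class -eq '1394' -or $_.FriendlyName -match '1394' } |
        Select-Object -ExpandProperty FriendlyName)

    $findings = @()
    if ($adminShares.Count -gt 0 -and -not $autoShareDisabled) {
        $findings += "Administrative shares present: $($adminShares -join ', ')."
    }
    if ($broadGroups.Count -gt 0) {
        $findings += "Broad groups in local Administrators: $($broadGroups -join ', ')."
    }
    if ($remoteLocalAdmin) {
        $findings += 'LocalAccountTokenFilterPolicy=1: local admin accounts hold full rights over the network.'
    }
    if ($fireWire.Count -gt 0) {
        $findings += "FireWire controller present ($($fireWire -join ', ')); disable it in firmware or enable DMA protection."
    }

    [pscustomobject]@{
        AdminShares         = $adminShares
        AdminGroupMembers   = @($members | Select-Object -ExpandProperty Name)
        BroadAdminGroups    = $broadGroups
        RemoteLocalAdmin    = $remoteLocalAdmin
        FireWireControllers = $fireWire
        Findings            = $findings
    }
}

# Usage: run elevated on the host being assessed.
$exposure = Get-RemoteAdminExposure
$exposure | Format-List
```

Everything here is a read; the script creates no shares and changes no group. The most useful line in practice is `BroadAdminGroups`: if it is non-empty, the share and PsExec paths the post describes are open to every member of those groups, encrypted disk or not, because the volume is already unlocked on a running machine.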


Obviously, if someone has physical access to the machine, all credentials stored can be considered compromised.

If one can, for example, boot from a USB device or optical drive, one can use point-and-click tools such as Ophcrack to recover all passwords. Instructions here: USB Ophcrack | Windows Login password cracker

Edit: Yes, I'm aware that you theoretically can't get back into an "encrypted hard drive" if the machine is rebooted. Whether or not that claim holds depends entirely on the software used to access the encrypted partitions. BitLocker seems to do a decent job, but many earlier implementations were basically a joke - and if you can access the machine it's trivially easy to dump the SAM database to the USB stick and perform the cracking offline.


Well, my first thought would be to wake it out of hibernate, get to the password screen and then start seeing what is vulnerable through the network connection. If the actual machine's network security isn't up to scratch then you could get access to a lot of the information this way.


I wonder what would transpire if you burned a CD-ROM with an autoplay.ini suitable to the purposes of your experiment, then caused the machine to wake up from hibernate mode. I actually do not know what would happen, but that sort of methodology is what I would explore if trying to attack a hibernating machine -- get it to wake up and introduce an executable into one of its ports. Does it have a firewire port? In theory it is then hackable from that interface.