If you reused the password, yeah, instant pwnage everywhere. If your local account password isn't used anywhere else, meh, random IRC people don't have physical access to your machine :)
No need to reuse your password. If the machine has sshd enabled, the attacker only has to guess the account name, but that's hopefully a lot easier than guessing the password.
Depends how you authenticate with your password. You could use pubkey with or without a password. Even if you reuse the password there, even if they have your password, if they don't have your private key they can't authenticate.
Remote logon with passwords allowed and sshd exposed to the whole internet (not behind ISP's NAT, not behind home NAT, port allowed on home firewall, port allowed on laptop firewall).
