I own a simlock free Samsung Galaxy Note II, not rooted, 4.1.2. I am observing the same behaviour as Terence. My 14 char password now seems nearly pointless (I am a security guy).
PS I didn't buy this phone because I thought it would be secure, but because my company's customers and collegues also buy Android and iOS phones, and I like to know what I'm talking about.
I had a voicemail icon on my homescreen. By clicking it (phone locked) I was able to dial that without having to enter my password; this definitely poses a security/privacy/commercial risk. So I moved the icon to another screen (i.e. off my home screen).
However, I just found out that I can also swipe to other screens while the phone is locked. So I was able to call voicmail anyway. I have now deleted the voicemail icon.
I have an icon for the flashlight which I can succesfully switch on or off with a locked phone (this could be considered a feature). Also I am able to start "Gallery", but do not see any pictures (after unlocking one can observe that the app is running in task manager).
So far I have not been able to start any other app while the phone is locked, but I wouldn't be surprised if more information can be accessed.
Somewhat related: http://www.heise.de/security/meldung/Samsung-Smartphones-verraten-Passwoerter-1817565.html (translation: Samsung smartphones reveal passwords). Although in German, the picture speaks for itself ("ich will rein" translates to "i want in"). However, on my Note II the word predictions do not show up in the password entry screen, perhaps I have -unkowingly how- disabled this in some way.