Physical access is not required in many cases. Since 2009 (32nm Sandybridge) all Intel CPUs have vPro AMT built in, allowing anyone to control the computer remotely using wireless 3G technology. There are remote exploits in the wild and the technology cannot be disabled by the end user, the setting to disable AMT in the Bios is ignored.
"Currently, Intel AMT is available in desktops, servers, ultrabooks, tablets, and laptops with Intel Core vPro processor family, including Intel Core i3, i5, i7, and Intel Xeon processor E3-1200 product family"
http://en.wikipedia.org/wiki/Intel_Active_Management_Technology"AMT is designed to help sys-admins remotely manage and secure PCs out-of-band when PC power is off"
http://en.wikipedia.org/wiki/Intel_AMT_versionsKeywords are "out-of-band" and "when PC power is off". The Intel CPUs are always on, even when they are off, provided the computer is plugged in to the power. They can remotely access all your data anytime they wish, without permission and without anyway for the end user to disable this "feature". It is well documented, so there should be no surprises here.
From my brief reading, it does require a 3G card of some kind. So as long as you remove any such thing from your offline machine you should be OK. But it's still scary of course.
I would be interesting in seeing any links to actual exploits/demonstrations. There seem to be a lot of FUD articles on that topic and not many actual facts.