Thanks all for your replies. I have been very careful about this particular wallet as it is my local wallet where I keep all my goods. I just changed the password on the account. I guess I am just confused because I thought the whole point of encrypting the wallet was for it to ask for the password before authorizing any transaction. Is this not the case? Could someone make a transaction on my address without needing to authenticate?
That depends.
The password is used to encrypt the private keys while they are not being used. If someone has access to your unencrypted private keys, then they don't need your password or your wallet. They can simply spend your bitcoins by loading your private keys into their wallet. If they already have access to your unencrypted private keys, then changing the password isn't going to help. You'll need a brand new wallet with brand new addresses, and you'll need to send any remaining balance that you have to that new wallet.
This is why I asked if you ever loaded any private keys or vanity addresses, and why I suggested the possibility that malware may have captured information from the wallet the last time you used it.