As anion's answer points out, the data on your hard disk is generally not safe under the system you described. However, Windows does offer several encryption methods beyond just BitLocker, and they might be helping you out already.
- Encrypting File System (EFS) is a way to transparently encrypt file contents (though not the metadata, like file names or sizes) such that they can only be decrypted by authorized Windows users. Assuming the files hadn't been shared with any other users on the same machine (or domain) whose passwords were crackable, the contents of those files would be safe. However, EFS is only available on the higher Windows editions (Pro, Enterprise, Server, etc.). Additionally, it is rarely used unless the user manually enables it (software can enable it but very rarely does so).
- Data Protection API (DPAPI) is a way to encrypt arbitrary blobs of data (which can then be written to a file, registry key, database, etc.) so that they can only be decrypted by either the user who encrypted them, or by any user on the machine that encrypted them (typically, the user-specific form is used). DPAPI is available on all editions of Windows, and - possibly for that reason - is reasonably commonly used by software that wants to store sensitive data. For example, Chrome encrypts your site data (cookies, passwords, etc.) using DPAPI. Windows itself also uses DPAPI for some data, including the built-in password storage (used in Edge and IE) and to protect private keys in the certificate manager (even if you don't explicitly put passwords on those keys).
Both DPAPI and EFS use encryption keys protected by the user's password. This means that an attacker can't learn those encryption keys without breaking the password. Normally breaking Windows passwords is relatively easy - the hashing function used is decades out of date and not even used in a very secure way - but a sufficiently long and random password is still de facto uncrackable. Similarly, the encryption algorithms used with DPAPI and EFS aren't the latest, but they're secure enough that it would be very surprising if even the NSA could break them (either by cryptanalysis or by brute-forcing the key).
Note that it's quite easy, if you have access to a computer's unencrypted hard drive, to overwrite any user's password. However, if you do this, it becomes impossible to ever recover either the DPAPI or EFS keys, so any data protected using either feature is lost forever (unless the keys and/or data were backed up elsewhere).
So... you're still in major trouble. All your unencrypted files (pictures, documents, any local emails or chat logs or whatever) will be exposed. However, the attacker will probably not be able to see passwords that Windows or Chrome (or some other browsers) were storing for you, or use your saved browser cookies, so you're more likely to be safe against an attacker compromising your online accounts. Some especially security-conscious desktop software might also have protected its files, especially if your Windows edition supported EFS.