It helps if you look at your virtual machine just as you look at a physical machine. Access to your vdi file is (practically) equal to access to a physical harddisk.
With that in mind:
- Access to a Bitlocked vdi file without Bitlocker password is not possible (unless the Bitlock encryption is broken).
- If you are running your virtual PC, no one can access your files unless you share a directory or a drive (don't forget about the administrative shares (
$C
, etc.) that Windows or your virtual machine creates for you. In other words: securing your virtual PC is just as easy (or just as difficult) as securing your physical PC.
Ps: note that on the Information Security stack I would have said: everyone had access to your files, unless you prevent them to have access to those files. But here on Super User I'd like to look at it the other way around.