Michael Kyuzo
Registered User
Join date: 28 Jun 2006
Posts: 8
09-09-2006 11:20
Can you please talk with the developers and get back to me about this issue? I noticed another post that is now unanswered and pushed off to the side by newer posts that talks about this very same thing. In the various posts made last night, Robin mentioned that the security question/answer data was part of the data that was compromised. Given that you are allowing people to bypass the email verification step, and selecting the security question/answer to reset passwords, what is to stop the intruder from resetting anyone's password by using their security answer and bypassing the email step? Also, I'd like to know if any of the friends list data, SL home location, or payment transaction information was also stored in the database that was broken into? Considering friends and payment transaction information is available from the website, I would figure it would be in the same database that was attacked. If so, those methods are just as faulty as the secret question method. I realize you're dealing with the backlash from people that don't remember email addresses, used fake email addresses, or can't remember their secret question, but at this point, you are putting the entire SL user base in jeopardy to help those that have forgotten. Any and all content, L$ balances, and land holdings are at risk if you continue to allow people to bypass the email verification and use data that is now potentially in the wild. What is Linden Labs going to do about the ongoing security holes in their system?
Kelly Linden
Linden Developer
Join date: 29 Mar 2004
Posts: 896
09-09-2006 21:36
The alternate verification methods are only available if we are able to verify that you have logged in to Second Life recently from the same computer. The alternate questions will not be available or work for any account which you have not accessed from the same computer.
The wording may have been updated since you used it but it now reads:
"You have arrived at this page because we either recognize your location from successful in-world logins, or you followed an email link. Please confirm your identity with one of the following methods. You have a limited number of attempts to provide us with valid information. Upon successful completion of this identification, you will be directed to a page on which you may change your password."
Due to this, it should not be possible to use compromised information to access an account, unless that account was successfully logged into SL from the same computer prior to the attack.
_____________________
- Kelly Linden
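The control Kelly describes (and the risk Michael raises with leaked security answers) can be shown as a small reset-gating policy. This is an added illustration, not Linden Lab's code: it assumes each computer is identified by some `device_id` recorded on successful in-world logins, and that the "limited number of attempts" is three. The security-question path is only offered, and only accepted, from a device that has previously completed an in-world login, so a leaked answer alone is not enough to reset a password.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # assumed budget; the post only says "a limited number of attempts"


def _digest(answer: str) -> bytes:
    # Normalise case and whitespace, then hash so the plaintext answer is never stored.
    return hashlib.sha256(answer.strip().lower().encode()).digest()


@dataclass
class Account:
    name: str
    answer_digest: bytes
    known_devices: set = field(default_factory=set)  # devices seen in successful in-world logins
    failed_attempts: int = 0
    locked: bool = False


def new_account(name: str, answer: str) -> Account:
    return Account(name=name, answer_digest=_digest(answer))


def record_successful_login(account: Account, device_id: str) -> None:
    """Called by the in-world login path; this is what makes a device 'recognised'."""
    account.known_devices.add(device_id)


def reset_methods_offered(account: Account, device_id: str) -> list:
    """Email verification is always offered; the alternate (security-question)
    path is only offered from a device that has completed an in-world login."""
    methods = ["email_link"]
    if device_id in account.known_devices:
        methods.append("security_question")
    return methods


def attempt_security_answer(account: Account, device_id: str, answer: str) -> str:
    """Returns 'ok', 'denied' (wrong answer or unrecognised device) or 'locked'."""
    if account.locked:
        return "locked"
    if "security_question" not in reset_methods_offered(account, device_id):
        # Defence in depth: a correct (possibly leaked) answer is useless
        # from a device the account has never logged in from.
        return "denied"
    if hmac.compare_digest(_digest(answer), account.answer_digest):
        account.failed_attempts = 0
        return "ok"
    account.failed_attempts += 1
    if account.failed_attempts >= MAX_ATTEMPTS:
        account.locked = True
        return "locked"
    return "denied"


if __name__ == "__main__":
    # Constructed sample: an unrecognised device gets only the email path.
    acct = new_account("resident", "Fluffy")
    print(reset_methods_offered(acct, "pc-1"))            # ['email_link']
    record_successful_login(acct, "pc-1")
    print(reset_methods_offered(acct, "pc-1"))            # ['email_link', 'security_question']
    print(attempt_security_answer(acct, "pc-1", "Fluffy"))  # ok
```

The point to check in a real deployment is the first branch of `attempt_security_answer`: the device gate must be enforced on the answer submission itself, not only on which links the reset page shows, otherwise a requester who knows the leaked answer can skip the page and post directly to the verification endpoint.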