09-08-2006 22:05
I noticed that people can now bypass the email step of the password reset completely and just enter the secret question answer. Given that it has been stated that secret questions were potentially compromised as well, don't you think this completely undoes all of the password changing that's taken place thus far? Since the intruder could use the secret question answers while bypassing the email verification step, they can simply follow any legitimate password updates and change them to something of their choosing. This, coupled with the fact that the secret question and answer cannot be changed from the My Account area, or at all from what I can see from a user standpoint, means that any password changes that have been made are completely and totally useless, and our accounts are just as wide open now as they were with our previous passwords. What will be done to correct this gaping hole in security, and will there be a method put in place to allow us to update our secret questions and answers? I'd like to see something similar to Google's, where we would be able to type our own secret questions instead of picking from the extremely limited choice available to us now.
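An added example, not the forum's own software, modelling the reset flow the post argues for: the secret answer is only accepted after the e-mailed token has been verified, and the `require_email_step=False` switch reproduces the single-factor shortcut the post complains about. `Account`, `ResetFlow` and the stand-in SHA-256 hashing are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed example, not the forum's software. SHA-256 stands in for a real
# password hash (use argon2/scrypt in production).
def _digest(value: str) -> str:
    return hashlib.sha256(value.strip().lower().encode()).hexdigest()

@dataclass
class Account:
    password_hash: str
    secret_answer_hash: str
    pending_token: Optional[str] = None  # single-use token sent by e-mail
    token_verified: bool = False

class ResetFlow:
    """require_email_step=False reproduces the bypass the post describes."""
    def __init__(self, require_email_step: bool = True) -> None:
        self.require_email_step = require_email_step
        self.accounts: Dict[str, Account] = {}
    def register(self, email: str, password: str, answer: str) -> None:
        self.accounts[email] = Account(_digest(password), _digest(answer))
    def begin(self, email: str) -> str:
        # Step 1: mint the token. Real code only e-mails it; returned here so the example runs offline.
        acct = self.accounts[email]
        acct.pending_token, acct.token_verified = secrets.token_urlsafe(32), False
        return acct.pending_token
    def verify_email_token(self, email: str, token: str) -> bool:
        acct = self.accounts[email]
        acct.token_verified = acct.pending_token is not None and hmac.compare_digest(acct.pending_token, token)
        acct.pending_token = None  # consumed whether or not it matched
        return acct.token_verified
    def finish(self, email: str, answer: str, new_password: str) -> bool:
        # Step 2: the secret answer alone must never be enough to set a password.
        acct = self.accounts[email]
        if self.require_email_step and not acct.token_verified:
            return False
        if not hmac.compare_digest(acct.secret_answer_hash, _digest(answer)):
            return False
        acct.password_hash, acct.token_verified = _digest(new_password), False
        return True
    def check_password(self, email: str, password: str) -> bool:
        return hmac.compare_digest(self.accounts[email].password_hash, _digest(password))
```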