My apologies for doubting you.
As dave
mentioned earlier if the challenge question answers consist of data the site already has then it's not the huge issue it would normally be seen as.
However, exchanging a password for only the challenge question answers is not too sharp, actually it's piss poor security, IMO.
Snowy-not-logged-in