said by Kilroy: said by AVD:
All fine until you get to the sites that require six characters in your answers and won't allow any two to be the same.
Back to the OP, the security risk is that someone who knows you well may know the answers to your security questions. This is the issue I have with this method of password resets. What is stopping your soon-to-be ex from hijacking your accounts and making your life a little more miserable? Forget the fact that most of these questions can be answered by using someone's Facebook page.
And you miss my point. The trick is to answer those questions in a non-obvious way.