Really though, this is not a vulnerability. It is a feature. Not in the MS sense of the word either. Yahoo purposefully implemented this.

I do agree with you MLF that he did not act responsibly. He should have emailed Gov. Palin, and said:

"You probably shouldn't be using a Yahoo email account, but if you feel the need, you should really change your answers to the security questions. Someone in your position has too much information about themselves readily available to ever tell the truth on these things."

Or something like that.

And cc: The rest of the politicians, celebrities, etc.