The "secret question" process is a relic of a time long gone when information about individuals was not so readily available. It is made worse by things like social networking. A few careless settings in one's Facebook profile, and anyone who joins the group for your home town can see your profile. From there, practically ANY security question is available: pet names, high school, mother's maiden name, town where you grew up, etc... All linked to an email address.
if it's important, like a bank site, there's a way to unlock your account if you did ever lose your password. i see this as using features they didn't know that they had; specifically: "disable password hints" and "disable password alternatives"
http://www.technologyreview.com/printer_friendly_article.asp...