Firstly, none of your 'security questions' are even REMOTELY appropriate, and they are not necessary! I mean, come on now, really. If you're going to FORCE clients to put something into 'security', then...