The even more insane security hole is allowing someone with physical access and the password to permanently lock out all recovery options.