Okay, I understand that sometimes security measures can make a site more difficult to use. Password restrictions, automatic logouts, extra confirmations, etc. all make the site flow less easily. But, I have to question if that is the end-all of friendliness.
I, personally, wouldn't consider a system that spews my medical and payroll information to any hacker who cares to try friendly. How friendly is it to find out that I have no health insurance because someone turned it off without my permission? How friendly is it if I start getting calls from pushy brokers and TrendWest because they found out I make more than I spend?
I'd say this guy misunderstood both words in "user friendly". I think he meant "easy for us to develop" or maybe "appears easy to use" rather than "does what the user wants". He mistakes a couple of marketing people as representing his users. He mistakes friendly for easy. He doesn't recognize the bigger issues.
So, I wrote them. I got back a response that says things like "that's not an issue" and "we've determined this isn't a security problem".