The truly sad part in that response is that Apple wants you to send personal information via email, which is generally not encrypted and could be read by any number of admins or hackers along the path from your ISP's mail server to Apple's mail server (ever view message headers on an email to see how many places it was stored and forwarded?).
Even if I buy the argument (and I don't) that "Dave the Wave 0" posted (pick random answers - the answers shouldn't make sense in the context of the question because that's really secure), that still leaves the problem of how to remember the answers and keep them associated in your brain with the question. That's difficult for me, although others may not have that problem. On a computer, it would be trivial to store this in Password Gorilla or any number of other password management tools for lookup/copy/paste. On an iPod touch, just dealing with my (admittedly long) passphrase is tedious enough. I haven't really explored the option of running iTunes on a computer, and making all my purchases via that mechanism (if that's possible). I've treated my (recent hand-me-down) iPod as a wifi appliance. It's never been connected to anything except a charger.
It amazes me that banks (who have a lot more to lose) have devised security systems with pictures, questions you select that you know AND CAN REMEMBER the answer to (not maiden names, thank you)... whereas Apple, a "leading technology company", comes up with this bit of crippleware, and wants you to send personal information over an unencrypted link.
The really bad part in my mind is that Apple didn't post anything on Apple.com about new iTunes security procedures. Strange extra challenges are usually a hint that the site taking your information is *NOT* the one you think it is. Asking for personal info by email is even more suspicious.
I think this is more hassle than it's worth for me to protect a $15 iTunes card balance. Obviously, those who put their credit card in Apple's hands have more to lose... However, it appears we're stuck with this, so how we deal with it individually is just that: an individual choice. I doubt further discussion will lead to a different solution, so if you find the new procedure too annoying/frustrating/... then I suspect the only options are to find a workaround (password storage on a computer, for example) or take your business elsewhere.