It's simple security.
Since the current CC in your account is not working, your account is blocked.
You need to prove it isYOU accessing the account by using a valid card.
Look at it this way.
Someone walks into a store to pick up a TV they have already paid for by phone/online.
Hands over some type of ID (drivers license or credit card).
They check it out and something is not right.
You will need to give them something valid before they fork over the already paid for items.
We may be getting into more of a ideologic discussion here, but it's not a matter of simple security. If it were "simple security" there are many other ways to validate that I am who I say I am.
Validate by my username and password. (duh?)
Validate by my billing address.
Validate by my credit card information without actually having to attempt to charge the card.
Validate by the fact that this computer is authorized to play iTunes purchases from this account.
Validate by sending a text message to one of my other trusted devices using two-step verification.
My credit card information is all correct. The information I am putting in is all valid. Apple is trying to run an actual authorization on my card. Why? Why do you need to validate that my credit card is current and has funds available when all I am trying to do is download something I already paid for? Using a valid username and password? On a device that has been authorized?
I understand your point that it's a security issue, but it makes no sense that it needs to be. All I want to do is download something I paid for months ago.