Doesn’t surprise me, they had the crypto issues, auto whitelisting facebook trackers, now this. People just have really low standards I guess, Brave is a case of the open source piece of software that attempts to use being open-source as their reason for being good when in reality it just means they’re transparently as bad as Edge or Chrome, they just don’t require the user to understand x86 machine code and know about disassembly to figure out what they’re doing.
At least some people read the code which probably wouldn’t happen at all if it was closed source (reading machine code is a pretty big barrier) so that’s at least better than chrome or edge (although no one is pushing Chrome or Edge as “Awesome best privacy browser unlimited money download below”).
Or literally anyone who knows you. It’s based on the idea that strangers are the ones who will try to screw you over but everyone knows that it’s people who you know that end up screwing you over in most cases. So security questions are basically useless in all those cases.