Microsoft / Xbox wants to "make sure this is you"

... which is fine I suppose, but what gets me is the time and place at which they chose to make sure this is you.

I went to pay my Xbox bill on (stupid) xbox.com -- turns out they had my old credit card info. Whatever. So I then proceeded to update my credit card info, and it wouldn't let me continue unless they "made sure it was me".

Great! Seriously! I was glad to see that they were looking out for my security. UNTIL I realized

what their verification method was. One would expect, or at least I would, that I'd be presented with one of those "secret question" things or something, but instead they wanted me to add an alternate email address (and/or phone number) to my account.

What, pray tell, would that accomplish?

<sarcasm>

"OK Microsoft... My alternate email is $0me1nsAn3haCK3R@iliketohack.war3z.alt.nederland.gov.binaries.wtf -- now please grant me access to my credit card info."

"Thanks! Please click the link we just sent to this completely arbitrary email address you supplied us with, and we'll be happy to do so."

</sarcasm>

Is it me?