Actually, it sounds more like an [outsourced?] helpdesk bod, possibly trained in taking notes but no in-depth security skills, took the call and made the 'decision'.... a 'decision' arrived at by following a script/flow-chart thta led a box marked 'not a flaw'.
Of course, the flowchart was probably designed by a PH clueless mid-level manager wanting to make his mark :)
Biting the hand that feeds IT
