That's what I had assumed, and I recently started web development so I'm not very educated on some of this stuff, but it seems to me like that could easily be avoided if things are done right. It's a banking site though, so I guess any extra protection to protect those users is good.