This was just plain bad planning:
Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackers during the initial PSN attack.
It makes sense that someone could change their own password easily when logged into their account. But when using a “I forgot my password” link, there should be more verification of identity than simply guessing a number and an e-mail address.