by lordlicorice 5129 days ago
I typically take the classic step of choosing "What is my password?" as a custom security question.
4 comments

Probably not a good idea, considering the answers to security questions are often not encrypted or hashed.
Why would that be the case? It just seems stupid to do so. A security answer is pretty much functionally identical to a password. Doesn't make sense not to hash it (there are no uses of the answer where you would need it in non-hashed form).
They're often used by support agents as a workaround for giving them your password (which the entire world has been diligently trained not to do, right?). They're also often case-insensitive and ignore punctuation, and while it's quite easy to handle that in a hashed scenario, they're usually implemented by programmers that don't get security.

Of course, the same apps with security questions are probably the ones not hashing your actual password in the first place.
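As an added example (not code from anyone in this thread): one way a site could accept case- and punctuation-insensitive answers and still store only a salted hash, as the comment above says is easy. The normalisation rules and the scrypt parameters are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import re
import unicodedata
from typing import Optional, Tuple

# Assumed normalisation policy: ignore case, whitespace and punctuation.
# \W (with str patterns) matches any non-word character in Unicode.
_NON_WORD = re.compile(r"\W")


def normalize_answer(answer: str) -> str:
    """Canonicalise an answer so 'O'Brien-Smith' and 'obrien smith' compare equal.

    NFKC folds compatibility forms, casefold() handles case beyond ASCII,
    and the regex strips punctuation and spaces before anything is hashed.
    """
    return _NON_WORD.sub("", unicodedata.normalize("NFKC", answer).casefold())


def hash_answer(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for storage; the plaintext answer is never kept.

    scrypt parameters here (n=2**14, r=8, p=1, 32-byte output) are example
    values; pick them to match your password-hashing policy.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(
        normalize_answer(answer).encode("utf-8"),
        salt=salt, n=2**14, r=8, p=1, dklen=32,
    )
    return salt, digest


def verify_answer(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, cand = hash_answer(candidate, salt)
    return hmac.compare_digest(cand, digest)
```

A support agent only ever sees a match/no-match result from verify_answer, never the stored answer, which is the property the plaintext schemes described above lack.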

Yeah, it is stupid, probably because security answers are needed to trigger some system on the server side (not to decrypt anything), and if an attacker has access to the DB, they probably can already trigger the process. But actually they are even more sensitive to reuse than passwords, so they should be hashed.
I'm not sure about all security questions, but I have noticed many credit card support lines ask me for my mother's maiden name, and the answer I give is long and not easily spelled, but they always confirm -- instantly -- "that's it" and proceed.

Think about last names, as well... there's huge variety in length, spelling, etc. -- it's poor customer service to force the customer to spell it out letter by letter -- so it's necessarily just displayed there on their screen.

Yep, I always simply generate another random password and save it in my KeePass along with the actual password, together with the question (custom or whatever was choosable).
I make up additional weird randomness (but stuff which would be hilarious but not incredibly offensive to say to a CSR) and save it in my password manager for each account.
I use it as a password hint if I can (e.g. make it show the first character of my password; I'll remember it then). As the answer I enter like 50 random characters which I don't write down or remember or anything, since I should simply know the password or use my recovery e-mail.

The problem is that most sites won't let you set your own question. More about my idea on security questions: http://lucb1e.com/!65