Or a small step that enables actually problematic real compliance, combined with a bad precedent: a "secure" way to populate that birth date field is a plausible future drive-by contribution.
There is a line of reasoning out there that giving every system a different birthdate, and trying to fill it with as much false information as possible, is one way of balancing the scales. I'm not sure how useful it is, kind of like when a website asked for your age and you just put in whatever.