It is doing something different than RFC 6238, which theoretically is more secure. The way they have it implemented is worse than if they did nothing though. If they cared at all about security they would have pulled it down years ago when this vector being abused was first being reported by users. But nope admitting a mistake isn't in the vocabulary of. The leaders definitely know what they're doing.