No system is perfect. There can be bugs and errors in any script or any code. Something similar happened to me at elance.com
This thing is not an absolute security issue, but was able to make breach in the phone verification security of elance (without hacking or injecting any code).
I made an account at elance.com. It asked me to verify my account including verifying my cell number before I can even bid on any project.
I was able to pass the phone verification step and post the bid on the project normally.
The phone verification is still pending, and it allows me to post bids on the projects till now.
I can’t share “how to” here, but I suppose those who feel these systems to be secure(est) should reconsider…