Uhm... am I the only one who thinks this is a vague as fuck answer and should've taken more than one sentence to properly inform users of their data protection methods? It can't be just me...

Lots of people and companies are afraid of being open about their security measures, mostly they believe that this might make them ineffective.
In some cases, that may even be true.

But yeah, that little info might also mean they're full of bull.

Someone might have forgotten that there are multiple interpretations of what appropriate means (and that many of them are wrong).