According to ComputerWorld, Elcomsoft acknowledges that Quicken uses strong encryption to prevent hackers from retrieving data and that it is very unlikely that a casual hacker could break that encryption. ComputerWorld also reports that Elcomsoft theorized that Intuit added the back door to Quicken so government officials could open password-protected files. Harry Pforzheimer of Intuit denied any software designed for government access, and only Quicken support personnel can access an encrypted data file as a service to customers who have forgotten their password.
Elcomsoft sent an official vulnerability report to the Computer Emergency Response Team (CERT), a federally funded research and development center for analyzing software security vulnerabilities among other technology security issues.
My take on this: It is always upsetting to read about security flaws in software, however, I don't think this is much of a concern for the vast majority of Quicken users. I think Elcomsoft was right to submit their findings to CERT, but had they done so without putting out a press release about it, the potential vulnerability would not have been so widely-reported to potential hackers who could use Elcomsoft's software to do the hacking. For Quicken 2002-2007 and QuickBooks 2003-2007, Elcomsoft's software only recovers very short passwords "but longer passwords can be instantly removed". All for $49. Quicken users can save $39 and have Intuit remove forgotten passwords from data files for $9.95.
How to Recover Your Quicken Password | You've Been Hacked: What to Do