In my opinion this is a huge security gap. For me personally my process when I’m forced by certain websites to create a security questions is to do as follows:
1- I choose a security question if given a choice
2- I used bit more than to generate a word-based password
3- I remove all the hyphenations
4- I pasted into the notes in bidwarden
I do this repeatedly for each security question required by the website. Usually sometimes between 3 and 5 times. This is very time-consuming. However choosing a bypass such as my last street name and putting in the real name seems like a huge security concern.
I feel a password manager should have some features to help with those. I would much rather my answer to “what street did you grow up on” be autogenerated as “goat toothpaste apple cheese” then the actual truth which could easily be figured out with public data.