While there is a concern about the plaintext answer leaking, I wouldn't think too much of it, since if the credentials db got compromised, I would assume the attackers also got everything else of value. Leaking the password at that point is no different than any other random string.
If they store the salted hash of your password but store the answers to security questions as plain text, then your advice is very bad. The db doesn't have to get pwned even, employees of the company will see it
