Is it just me, or is the peak of stupidity in this episode the fact that the car will verify/reject a few hundred thousand passwords in 30 minutes?

Shouldn't that be security 101, limiting the rate to a couple per minute, max? Why allow such brute force attacks in the first place?

EDIT:

Or in other words, why is the phrase "brute force password attack" still even heard in 2015?