I first heard about this issue on Car Talk the other day, and recently ran into this article on Snopes about it...
It turns out that on VW cars (and other manufacturers), the pattern for the door key is based on the VIN for the car.
What that effectively means is that the security of your VW (or other) car is based solely on the difficulty of cutting the keys for the lock - all the information needed to generate the keys is publicly available (and externally visible on the car).
Imagine if the same were true of an operating system - what would we say about the security of a system where the recovery password for the system was etched onto the outside of the case, and if any helpdesk technician could come by, write down the recovery password and, using that recovery password bypass all the system protections? Of course, the technician would have to own a $5,000 hardware decoding unit that would know how to convert the etched recovery password into the real password, but once they owned that decoding unit, they could bypass all the protections on your computer.
Would you buy such a computer system?