It seems to be fairly commonplace for people to answer them with gibberish to avoid the aforementioned problems, and (most? all?) websites will override them if you claim you don't remember what answers you gave. This appears to do nothing to make my account more secure, it just makes me want to avoid using your service.
So, for people who have implemented 'security' questions as a form of authentication, what purpose do you think they serve? Are the answers being sold? Is it just theater because you think it will make your users feel safer? Is there some other benefit to collecting this seemingly unnecessary data on your customers and storing it in plaintext that I'm failing to recognize?
I don't know how frequently data collection happens with security questions, but I view security questions more as just a consequence of bureaucratic inertia and how development works. Imperfect security practices by developers persist because security is hard, many developers have no real formal training in it, and you follow along with what other developers have done and what you've seen in the wild because you have no other option to avoid making a fool of yourself. You're not going to get fired as a developer if you copy your bank's security practices: but you might if you try and innovate and get things wrong.
Think about something like complex password rules for websites. I can imagine that at one time there was a reasonable justification for that practice to emerge (training masses of people who never used computers before to choose complex passwords rather than just using a birthdate or simple word) but nowadays they're just a user-annoyance that decreases the security of passwords because it limits the number of possible character combinations. This practice seems to persist for no reason other than dumb bureaucratic inertia. Everybody does it: so that's the way it is. And since banks and big companies do it, this is the dumb practice that's going to persist for a while.