Board: Armory
Re: FRAGMENTED BACKUPS VULNERABILITY!! IF YOU USE THEM, READ THIS!!
by gangtraet on 25/09/2017, 13:35:09 UTC
And printing the coefficients of the polynomial by using them as x-values is a horrendous mistake, I can hardly believe that it has been done!

This is even worse than I first thought.  In an N-of-M backup, each of the M sheets encodes a linear equation (linear in the unknown coefficients, not in x).  Together, they can be solved to find the N coefficients of a polynomial.  It requires N equations to find the N unknowns; this is where most of the security comes from.  In addition, you want to avoid leaking information that could potentially reduce the search space for the unknowns, hence the random x values.

But if each sheet reveals a coefficient, then there are TWO equations on each sheet!  (y = c_0 + c_1 * x + c_2 * x^2 + ...  and c_i = x)

Thus you only need N/2 sheets to recover the key!!!  The seed can be recovered from a single sheet of what was supposed to be a 2-of-M backup, or from two sheets of a 3-of-M or 4-of-M backup, etc etc.

At least only the oldest Armory backups have this awful flaw.  The newer ones potentially leak some information that makes finding the key a little less impossible if you already have N-1 sheets.

NB: This is of course assuming that I have not misunderstood goatpig's undoubtedly slightly simplified explanation of the flawed algorithm.
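The equation counting in the post, worked through in code as an added example (this is not Armory's code and not the poster's; it models the post's simplified description of the flaw, i.e. sheet i using x = c_i, which is an assumption about the old format, and the field prime, the sheet layout and the demo secret are constructed for the example). It shows that a correctly generated N-of-M backup cannot be solved from N-1 sheets, while sheets whose x-value is itself a coefficient determine the secret from ceil(N/2) of them, which is why backups made with that format should be treated as unsafe and regenerated.

```python
import secrets

P = 2**61 - 1  # Mersenne prime; all arithmetic is done in GF(P) (constructed choice)


def _inv(a):
    return pow(a, P - 2, P)


def _solve_mod_p(rows):
    """Gauss-Jordan elimination over GF(P).

    rows: list of (coefficients, rhs) with len(coefficients) == number of unknowns.
    Raises ValueError when there are fewer equations than unknowns or the system
    is singular, i.e. when the sheets do not determine the coefficients.
    """
    rows = [([c % P for c in coeffs], rhs % P) for coeffs, rhs in rows]
    n = len(rows[0][0])
    if len(rows) < n:
        raise ValueError("fewer equations than unknowns: secret not determined")
    for col in range(n):
        pivot = next((r for r in range(col, len(rows)) if rows[r][0][col]), None)
        if pivot is None:
            raise ValueError("singular system")
        rows[col], rows[pivot] = rows[pivot], rows[col]
        pc, prhs = rows[col]
        inv = _inv(pc[col])
        pc = [(v * inv) % P for v in pc]
        prhs = (prhs * inv) % P
        rows[col] = (pc, prhs)
        for r in range(len(rows)):
            if r != col and rows[r][0][col]:
                f = rows[r][0][col]
                rc, rr = rows[r]
                rows[r] = ([(a - f * b) % P for a, b in zip(rc, pc)], (rr - f * prhs) % P)
    return [rows[i][1] for i in range(n)]


def make_shares(secret, n, m, flawed=False):
    """Shamir split: f(x) = c_0 + c_1 x + ... + c_{n-1} x^{n-1}, c_0 = secret.

    Correct scheme: every sheet's x is random and unrelated to the coefficients.
    flawed=True models the post's description: sheet i (1 <= i < n) uses x = c_i,
    so that sheet reveals a coefficient on top of its y value.
    Returns a list of (sheet index, x, y).
    """
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(n - 1)]
    shares, used = [], set()
    for i in range(1, m + 1):
        x = coeffs[i] if (flawed and i < n) else secrets.randbelow(P - 1) + 1
        while x in used:  # x values must be distinct (collisions are astronomically unlikely)
            x = secrets.randbelow(P - 1) + 1
        used.add(x)
        y = sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P
        shares.append((i, x, y))
    return shares


def recover(shares, n):
    """Honest reconstruction: one equation per sheet, so it needs n sheets."""
    rows = [([pow(x, j, P) for j in range(n)], y) for _, x, y in shares[:n]]
    return _solve_mod_p(rows)[0]


def recover_from_flawed(shares, n):
    """Reconstruction when sheet i's x value is c_i: each such sheet also fixes one
    coefficient, so only the remaining coefficients are unknown (two equations per sheet)."""
    known = {i: x for i, x, _ in shares if i < n}          # c_i read straight off the sheet
    unknown = [j for j in range(n) if j not in known]       # c_0 is always among these
    rows = []
    for _, x, y in shares:
        rhs = (y - sum(known[j] * pow(x, j, P) for j in known)) % P
        rows.append(([pow(x, j, P) for j in unknown], rhs))
    return _solve_mod_p(rows)[unknown.index(0)]


def sheets_needed(n, flawed):
    """Sheets that determine the secret: n normally, ceil(n/2) with two equations per sheet."""
    return (n + 1) // 2 if flawed else n


def demo(n=4, m=6):
    secret = 0x1234567890ABCDEF % P  # constructed demo value, not a real seed
    good = make_shares(secret, n, m)
    bad = make_shares(secret, n, m, flawed=True)
    results = {
        "correct_with_n": recover(good, n) == secret,
        "flawed_with_half": recover_from_flawed(bad[:sheets_needed(n, True)], n) == secret,
    }
    try:
        recover(good[: n - 1], n)
        results["correct_with_n_minus_1"] = True
    except ValueError:
        results["correct_with_n_minus_1"] = False
    return results
```

Running demo() with the defaults reproduces the post's 4-of-M case: four honest sheets recover the secret, three do not, and two flawed sheets do; demo(n=2, m=3) and demo(n=3, m=5) give the single-sheet and two-sheet cases the post mentions.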