Likely, by asking you to get back to them how you secured your account after removing it, is likely a way to get more information. They've already claimed that they've frozen accounts, which isn't really possible, unless they had some kind of database access, which would mean they'd be able to remove the security questions themselves if they really wanted too.

In other words, this user isn't to be trusted, and no reply is warranted. If they have information about security, they can contact theymos. Other than that, them finding out who has a security question, and who doesn't is fairly simple as LoyceV alluded to above.

I suspect, a further attack would've been launched if you replied to them. Smells of social engineering, where they attempt to gain your trust by offering you some semi valid advice, and then looking to exploit that further down the line.