If an empty answer would allow you to set a question without having any correct answer, that would be interesting to steal time and resources of an attacker (without wasting own time). However, a long random string should have the same result. But I feel uncomfortable with having any security question active.