Same, got withdrawals unblocked after contacting support.
But, nevertheless, looking back at how it has been done I dont beleive it is about our security at all.
Think about a massive security breach through a phishing attempt from the Bitstamp POV. If it's a good phishing scheme, hundreds of users would probably fall for it (maybe even thousands? who knows), especially during these fragile times. So, instead of dealing with lost BTC and the PR nightmare, why not restrict all movement and one by one reinstate accounts after each user has had a moment to take a look at their computers and change their passwords.
Seems like a much safer alternative that makes things a lot easier for both sides.