This is a clear example of "good enough." Low security for low value targets -- if you need more you can get it. Setting a password, remembering a special email address, not posting via blackberry/mobile, all of these add friction.
EDIT: Although it is fun to think of solutions ... Posterous could mail you back a link; when you hit the link the post goes live. Then you would clearly need control of the sending address to post. And the link could just go to the new article, which you'll likely want to look at anyway.
I second. I have some flowers outside my house and they never got stolen. I think a lot of hackers overrate security just like a lot of nurses see diseases everywhere.
Measuring the danger of being impersonated is very difficult. It depends on how creative the attacker is and the social circumstances of the victim. Further, the victim can easily be unaware of the danger until they get bitten once.
This is going to be a serious issue for Posterous if they ever go mainstream. Opt-in authentication schemes won't be enough to prevent scores of naive people from being humiliated the first time, particularly teenagers.
EDIT: Although it is fun to think of solutions ... Posterous could mail you back a link; when you hit the link the post goes live. Then you would clearly need control of the sending address to post. And the link could just go to the new article, which you'll likely want to look at anyway.