
An Australian bank I interacted with had this: you could preset a key phrase they have to tell you by phone so you can authenticate them.


That makes you vulnerable to an employee who keeps a list of these magic phrases as he is legitimately calling people for the bank. Practically untraceable.


Given that without that kind of reverse password you are also vulnerable to a malicious employee, I'd say it's a simple solution that avoids issues like the ones suffered by the author of the article.


That would imply that it is harmless, which it is not: if an attacker were to recite your magic phrase, you'd be much more inclined to trust him. And the attacker doesn't have to be or know an employee, only an ex-employee.



