When 3D Secure gives an Authenticated (MPI Code 237) response, that basically means that the card-holder's bank is willing to accept the liability shift to itself. The criteria that the banks set to do this really lie with the bank and, although most banks require a password, some only require the xth, yth and zth letters of your password (a good idea, IMHO, as this means a man-in-the-middle attack wouldn't get your full password) while still accepting the full liability shift.
If orders start coming through as Authenticated when no password was given, I'm guessing that the banks have decided to allow some other criteria to factor into this... My guess is that the banks have rolled-out an IP whitelist system such that, after N successful orders/password confirmations for your card from a particular IP address, that your IP address is validated for your card and it won't ask for your password.
Yes there is a higher potential for charge-backs to the bank... People on a shared/dynamic IP could claim that the hacker gained access to their network, but the bank may be willing to take that risk particularly if the delivery is to an established address and the card details all match.
This is conjecture, but an IP-whitelist system might also be easier/faster to process than the password-based authentication, taking some strain from the password servers and meaning less potential for big outages. As a 3D Secure stage is a big-drop-off point for any checkout, I expect that banks are also trying to reduce this and, in doing so, encourage vendor confidence in the 3D Secure system. I've had clients request that the payment only be sent to 3D Secure if it absolutely has to, such-as for Maestro payments, as otherwise they find that what they save on fraudulent transactions doesn't make up for the increased drop-off (thus decreased sales) of a 3D Secure checkout.
I could be wrong, but I imagine banks will have thought this one through, with lawyers, projections, graphs, and so on. Y'know, business stuff. Also, you can bet they have a switch that allows them to go back to the old system should things not work-out as expected.