Thats how its intended to work. I don’t think that’s how it’s currently working.
Then would be helpful if you explained how it differs from the description @Mobility_Princess provided, rather than letting us all guess.
It works as she described for me.
The original post security concerns are valid, any voice mail system that uses just caller ID in place of a password is insecure.