i believe you may be right. it's good malicious social engineering defence. however, the passwords (even if rotated) would be vulnerable due to disgruntled workers. maybe something like a secret validation code stored offline that needs to be simultaneously authenticated by multiple parties but is not visible to the sender or recipient.
Discussion
Agreed, as well as something passed to each employee in a verbal state. This way, the passcode(s) wouldn't get exfil'd in a breach.