Seemingly, the checking of the password and the unlocking of the stick are two separate processes, both initiated from the PC. From the point of view of the stick they are independent, and unlocking works just fine even if no valid password was ever entered. This is a Big Flaw. As an indication of how big: the best sticks handle all the encryption to/from the flash themselves and don't keep a password at all; the fact that the data can't be decrypted without it is what makes them safe. The mediocre sticks store a password inside the flash controller and check it against a password sent by the PC before unlocking the flash memory. This way, the password can't be found by reading out the flash chip manually. The bad ones do the same but store the password in flash. The Secustick is even worse than that: it stores the password in flash and lets the PC do the validation, while as soon as the stick gets stolen, the PC it is plugged into is completely untrustworthy.
This has big implications for the security of the stick: every program can send the unlocking sequence without asking for the password. The PASSWORD.exe program can even be easily modified to accept any password at all. If such a program were made and turned loose on the Internet, everyone with just a little skill in Googling stuff would be able to access the stick without problems.
My recommendation: if you like the keychain, the box or the nice metal casing of the stick and are prepared to shell out €130 for it, by all means go ahead and buy it. If you want security, buy a much cheaper, non-security USB stick and use a program like TrueCrypt. Or even use a plain old USB stick without encryption: while that isn't a safe thing to do at all, it at least doesn't give you the illusion of safety the SecuStick does.