Siri is allowed access to device and app information and a recently discovered flaw that would let unauthorised people access an iPhone's contacts and photos even from a locked screen.
The Tame Apple Press is claiming that the flaw is a feature because Siri is just eager to help anyone who asks. Basically it is like having a worker in an office who guides you past the security guard on the door and loans you their security card so that you can go anywhere in the office you like.
The flaw was found by Jose Rodriguez who revealed another lock screen vulnerability September last year which Apple actually patched.
This new hack involves activating Siri with a long press of the home button, asking her to make a Twitter search, and the hope that it results in some Contact data like an e-mail address. If that's the case, you will be able to use 3D Touch to bring up the option to add or modify the contact. This leads to opening the iPhone's contact list and being able to view Photos, depending on how the app is configured. Since 3D Touch is required in the process, the flaw is limited to the iPhone 6s and 6s Plus.
For now, the only way around this bug is to revoke Siri's access to Twitter and Photos until a fix is made available. Of course you could just hit it with a hammer and buy a phone which has security, rather than one which says it has security.