The way it works is that you enter your CSN, a username and a password of your choice. Through the population register, the system determines who you are and where you live. A (physical) letter is sent to you, containing an activation code (but not the CSN, username or password), which you have to use to activate your account.
Through a series of web services and redirects, (authorised) websites can make you log in on the DigID website (without them having access to your username or password), getting your CSN as the result of a successful login. This makes it 'reasonably' secure for most governmental transactions that can be done digitally. Lots of transactions have to be done in person anyway (such as filing for a passport), and DigID doesn't seek to solve that problem.
Things you can get through DigID are permits to fell a tree, for instance. Often there are costs associated with a governmental 'product', so the chance of someone forging a DigID entry and paying for such a permit in someone else's name is pretty slim to begin with.
The tax office has had filing software for some time now. You can enter your data, calculations are made, and the whole thing is sent to the tax office servers through the internet. Previously, you had to register a 5-digit PIN with the tax office to 'sign' your tax filing. But since this year, you have to sign your tax filing with your DigID.
Getting a DigID takes a few days though (because of the physical letter), and it seemed that people would not be able to file their tax statements in time because they were too late with getting a DigID.
The solution offered by the tax office helpline? Use someone else's DigID to file your tax statement!
I have never heard more boneheaded advice. Basically, the tax office invites you to forge the signature on your tax statement. Suddenly, no-one can be charged with tax evasion or false filings -- just let your neighbour sign your filing! Surely you can't expect your neighbour to look over your filing to ensure it's all in order, and surely you can't prosecute people when they never signed something!?
I hope someone gets their ass kicked. If the government starts to circumvent their own security systems, why have security at all!?