The maths of it does seem completely wrong.
I can't find any information on what actually sits in the squares (single or double digits), but for single digits the results will always be 10^x where x is the number of digits in the sequence.
To get 25^4, they need double digits and may as well just go for a 10x10 square, giving them 100,000,000 possibilities. If it's a matter of ease of use (maybe people can't remember a 4 step pattern in a 10x10 block), even a 3x4 block offers double the security of 10^4. There is no reasoning given on their site for why it would be a 5x5 block.
I'd go with it all just being wonky maths though. Here's from their site:
"However add into the ‘mix’ the fact that up to a third of users write down and carry their PINs with them, and that many more use easy-to-remember numbers like their spouse’s birthday, overall security is reduced to say 5000:1 or even 2000:1."
2000 possibilities for a spouse's birthday?
If day and month are both single digits (3rd April say) we can have d/m/yy, 0d/0m, 0m/yy as easily memorable dates (and let's face it, someone using a spouse's b/day is not going for hard to remember). This is 1/3, nowhere near the 1/2000 or 1/5000.
Even changing the zeroes to any other number, with those 3 date combinations there are 111 possibilities.
Using a spouse's birthday only becomes a liability when someone knows that date; for someone who doesn't know your spouse's birthday they are right back at 1/10,000.
If the PIN is written down and you're assuming the thief has it, it's a 100% probability that they have your PIN. If you assume they don't have the PIN, then again it's back at 10,000 possibilities.
Besides, a pattern can also be put down on paper and is harder to disguise as something innocent like a phone number.
And Jonathan Craymer likes to call it "chip and spin" :-P
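
An added example, not part of the comment above: it compares the pattern keyspaces mentioned there with the odds of a blind guess when each cell holds a single digit. The grid contents, the function names and the uniform-random guessing model are assumptions made for illustration.

```python
from collections import Counter
from fractions import Fraction

# Constructed 5x5 grid contents (assumption: one digit per cell).
# 25 cells cannot hold 10 digits evenly: 0-4 appear three times, 5-9 twice.
GRID_5X5 = [0, 1, 2, 3, 4] * 3 + [5, 6, 7, 8, 9] * 2


def pattern_keyspace(cells: int, steps: int = 4) -> int:
    """Number of ordered patterns of `steps` cells, repeats allowed."""
    return cells ** steps


def blind_guess_odds(grid, steps: int = 4) -> Fraction:
    """Chance that a uniformly random pattern reads out the same digits
    as an unknown, uniformly random secret pattern on this grid."""
    n = len(grid)
    counts = Counter(grid)
    # Two independently chosen cells show the same digit with
    # probability sum((count / n) ** 2) over all digits.
    per_step = Fraction(sum(c * c for c in counts.values()), n * n)
    return per_step ** steps


def report() -> dict:
    """Keyspace sizes for the layouts discussed, plus the readout odds."""
    rows = {
        "4-digit PIN": pattern_keyspace(10),
        "3x4 grid patterns": pattern_keyspace(12),
        "5x5 grid patterns": pattern_keyspace(25),
        "10x10 grid patterns": pattern_keyspace(100),
    }
    odds = blind_guess_odds(GRID_5X5)
    rows["5x5 single-digit readout (1 in N)"] = round(1 / odds)
    return rows


if __name__ == "__main__":
    for label, n in report().items():
        print(f"{label:36s}{n:>12,}")
```

Under these assumptions the digits read out of a 5x5 grid are guessed about once in 8,548 tries, which is in the range of a plain 4-digit PIN rather than 25^4.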