Security Tokens/Authenticators are useless; SE needs to fix this immediately.

[KisaiTenshi]

That's why I said the only real risk associated with this vulnerability is from client machine infection.

Basically, security-wise, it's not possible for SE to secure the client machine (or PS3.) If someone already has a rootkit on that system, absolutely nothing is going to stop the account from being stolen if that's specifically what they're looking for. The Authenticator is only "worthless" in this sense because the machine itself is worthless.