Security Tokens/Authenticators are useless; SE needs to fix this immediately.

[Kosmos992k]

The only thing that needs to be encrypted is the handshake and credential exchange;

No, according to another topic, there is a way to inject D/B queries to modify your character because the communication between the game client and servers - including character D/B updates are not protected and can be easily manipulated by an unscrupulous player to gain levels, items and gil. In other words cheat. So yes, I'd like to see some level of encryption between client and server, as well as stronger session key security.