Drupal Association members fund grants that make connections all over the world.
as far as I can see, the keydata is stored unecrypted in the database. Beside a serialization of the token data, no care us undertaken to protect the key data.
For a module with the purpose to provide a safe login method, I think it would be better to encrypt the token data, if for example the aes module is installed: http://drupal.org/project/aes.
attached the few lines of code, which would be needed.