With RSA doing the keyfill at point of manufacture, the customer just needs to load the seed file for the entire batch onto their authentication server and then hand out the token
Don't forget that the tokens also expire every couple of years. If it customers were able to load a new seed themselves, then they wouldn't need to purchase new ones as often.
re: surprise at lack of QA or automated unit tests — “most engineers are capable of writing bug-free code. it’s just that they don’t have an incentive to do so at most companies. when there’s a QA department, it’s easy to just throw it over to them to find the errors.” [EDIT: please note that this was subjective opinion, I chose to include it in this post because of the stark contrast that this draws with standard development practice at other companies]
This guy's obviously fresh out of college. It would be interesting to hear from someone with a little more real-world experience.
"What man has done, man can aspire to do." -- Jerry Pournelle, about space flight