Comment: Re:Account security (Score 1) 186
I'm confused, are you saying the whole token system is poorly designed? The database should only contain the public key equivalents for the physical token generators. The private key equivalent data shouldn't exist anywhere outside the key-fob.
(It's like you're saying stealing the password file would give you remote access to a UNIX system, without further decryption/password guessing.)