Well, it's good to get this out here some more since people continue to white-knight this over and over, but i thought this was pretty much public knowledge by now.
Accounts have been hacked before, regardless of tokens. Just because you have a generated code doesnt mean you should be reckless with your account info. A while back there was one particular virus that hijacked your login on XI (i think it was) the moment you logged in with it, crashed your client and send the data (and the code) to a third party who could then login with it.
Back on XI, there were only two reasons to get a token. Those reasons were more Inventory space from the mogsack reward, and being allowed an infinite amount of character recoveries opposed to just one. "Added Security" really wasnt one of those reasons.
Firefox/No-script/Blockaid and not clicking on links in your email that tell you to "LOGIN NAOW OR WEZ BAN U !1" and you're pretty much safe.
*edit* Grammer didnt make sense there at the end.
Edited, Oct 7th 2013 7:59pm by KojiroSoma
[XI] Surivere of Valefor
[XIV] Sir Surian Bedivere of Behemoth