That is all very true.

I'm pointing out that there is a difference between a SmartCard, as used as a "badge" for, say, secure access through a locked door, and SmartCard technology as may be used in something still as critical, but not necessarily as urgent. SmartCards themselves have two "limitations", one is the time frame for action/reaction, and the other is the read range. But both of these are considered desireable by security geeks.

Using the technology as a dongle means that there is no significant urgency, as you normally have a "long" (many, many seconds) bootup time for the PC. And, given that there is usually some kind of wired connection from the card reader to the PC, it means relative ease of interception of the data as well as plenty of time to intercept the data and analyze it later. Of course, the typical big-company employee just wants to get his job done, and doesn't really care about things like that. Nevertheless, I expect you are right, and, regardless of the data itself, the actual implementation of the protection method is where the creativity must be focused. I would think
biometrics is where the efforts will be.

sarge