[microtonal]

You will have a hard time stealing a private key remotely from a good hardware token.

(Of course a compromised machine can be used to sign using a hardware token, but that's a different level of compromise than getting the private key.)

[rini17]

Obviously the token can be stolen,too. Also,people all the time voluntarily allow others to use their tokens if convenience demands it.

Your comment is also a good example of how the concern 'people can't manage privkeys well' keeps getting handwaved away, with sad results.

[david-given]

Sounds like the obvious solution here is to provide a blessed and convenient way for one person to allow another to use their tokens in a limited fashion.

What's the actual use case here? What are people wanting to do when they do this?