To be more precise, the SIM is actually a crypto CPU that stores a private key, and can perform crypto using that private key on behalf of the phone, without betraying the key itself.
This is also how Chip-and-PIN debit/credit cards are designed to work (so that a rogue terminal/skimmer can't just clone the card number), although there are various real-world implementation flaws with most of those.
To be more precise, the SIM is actually a crypto CPU that stores a private key, and can perform crypto using that private key on behalf of the phone, without betraying the key itself.
This is also how Chip-and-PIN debit/credit cards are designed to work (so that a rogue terminal/skimmer can't just clone the card number), although there are various real-world implementation flaws with most of those.