by snuxoll 4727 days ago
> After the cert has been verified, you're free to pull the card out.

Last time I checked, DoD systems are configured to automatically log you out of your session upon removal of your CAC.

2 comments

This is an unrelated security measure, but you are correct.

And if you pull the card out, you can't access anything anymore that requires it (and on a Windows domain that DOESN'T lock / terminate the session, you'll be able to access things until your Kerberos ticket expires or you need to get to something you don't have a ticket for).

I once volunteered at a hospital where they made use of a smart card security system - among other things, it would log you out if you removed your card from the reader. This closed all the programs you were running - and logging back in was a slow process.

Needless to say, the smart cards stayed in the users' PCs even when they weren't at their desks.

That's disappointing. Windows has multiple options to handle a smart card's removal, one of which is simply locking the screen; sad they decided to use the "force log off" setting instead.

I think this is a feature of the ActivClient middleware. Also handles the PIN entry when you insert. Default Windows behavior is to leave the certs in the cert store.
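
The Windows removal options discussed in the comments above can be checked on a host. This is an added example, not part of the thread; it assumes the standard Winlogon `ScRemoveOption` value and the Smart Card Removal Policy service (`SCPolicySvc`), and the function name is hypothetical.

```powershell
# Added example: report how this Windows host reacts to smart card removal.
# Get-SmartCardRemovalPolicy is a hypothetical helper name, not a built-in cmdlet.
function Get-SmartCardRemovalPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $meaning = @{
        '0' = 'No action'
        '1' = 'Lock workstation'
        '2' = 'Force logoff'
        '3' = 'Disconnect if a Remote Desktop Services session'
    }

    # ScRemoveOption is stored as a string; a missing value behaves like '0'.
    $raw = (Get-ItemProperty -Path $key -Name ScRemoveOption `
            -ErrorAction SilentlyContinue).ScRemoveOption
    if ($null -eq $raw) { $raw = '0' }
    $raw = [string]$raw

    # The configured action only fires while the removal policy service runs.
    $svc = Get-Service -Name SCPolicySvc -ErrorAction SilentlyContinue
    $svcRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    $action = $meaning[$raw]
    if (-not $action) { $action = "Unrecognized value '$raw'" }

    $finding = if ($raw -eq '0') {
        'Session stays open after card removal; Kerberos tickets remain usable until expiry.'
    } elseif (-not $svcRunning) {
        'Action is configured but SCPolicySvc is not running, so removal is not enforced.'
    } elseif ($raw -eq '2') {
        'Force logoff closes running programs; users may leave cards in unattended readers.'
    } else {
        'Removal action is configured and enforced.'
    }

    [pscustomobject]@{
        ScRemoveOption  = $raw
        Action          = $action
        ServiceRunning  = $svcRunning
        Finding         = $finding
    }
}

Get-SmartCardRemovalPolicy | Format-List
```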