Ok - First off very informative video, it answered quite a few questions I had about the security of InfoCards.
But I still have a question.
I get the fact that your computer doesn't have the card data on it - a plus. I get the fact that the server requests an encrypted token from your machine, and your machine gets it from the STS, and transmits it to the site your trying to view (which then can get your information).
My question is: What happens, or is planned, when a 3rd party (say a hacker who compromised your computer) obtains your .crd file(s)? From my understanding they could then use the card to login to your bank site (assuming they support InfoCard logins). Is
having it as an InfoCard greater/lesser/equal security from hackers in this sense?