@monoculture
As mentioned, relying on one product/system is a bad idea, in particular when it is one that is very popular and lots of black-hat skills are available to break it.
But the bigger issue is the one you raised here - RSA kept the keys to *everyone's* kingdom, so when they got hacked is resulted in all players losing most (if not all) of the SecureID's supposed advantages.
RSA wanted to make more money you see, so rather than make a product that YOU, the customer, would set up and operate, they wanted to keep themselves in the loop. For a fee, of course...
Had they done so, then Joe Bloggs Ltd would have thier own seed database and on being hacked it just screws the one organisation. Everyone else are OK (until they get directly hacked of course).
But no, a proprietary key design with them holding YOUR data. You could argue that a top security company would be much better at doing that than Joe Bloggs Ltd, of course, but the evidence says otherwise.
Why are they still not coming clean on exactly how it happened and what was taken?