While I can trust most of my users to not try and steal an authentication token there are always a small number of people who I will. Being able to prove to me that you can't steal a token improves the security of my service.
>Asking someone to prove to you something is to say that you are not trusting them!
Unfortunately, I do not trust everyone it the world. While there are some people I can trust, my service is marketed to a large number of people who I may not trust. If my service was for just my friends I wouldn't need proof and I could just trust them.
>As soon as that token leaves your system, it is no longer yours.
No, in the real world when you take your company laptop home it doesn't automatically became your property. Knish because I send a taken to a client running on your device it doesn't mean that you can do whatever you want with that token.