Goddit. Since the token is existing locally before being encrypted to a pukey, what prevents someone to create a client (or fork one) to include the option of keeping a not-encrypted version of the token locally, yhen psying by encryping it to pubkey. Then claiming back the not-encrypted version?
That's more an ecash-related question I guess