Several years ago I worked in a place where we had RSA tokens like these ones. I was told it would cost me £20 if I lost it...... I would guess that would be around $50 these days? So it doesn't look as if the $6.50 really covers the cost.

doesn't anyone agree that there is probably a way that is just as effective that doesn't require a hardware piece, thus, avoiding a charge all together.
I don't think so. This security method is based on something you know and something you have. So it must be partly physical.

The device provides a one time authentication that it periodically renews.

You have physical control over it.

It is eminently portable.

Anything sent over the internet is insecure and liable to identity theft. That is how many of these hijackings take place today. All someone has to do is wait for you to be offline and go and impersonate you and your account is owned.

Think "keyloggers" or insecure WiFi?

I am sure that Blizzard or their consultants will have looked at all the options and would have selected a lower cost one if it were available. I am certain that the payment is to deter timewasters and authenticate who gets the token.

In the final analysis, Blizzard are not responsible for your computer getting owned, your details being intercepted or you falling for a phishing scam, are they?