Snazzy Labs did an overview video [1] about this implementation. According to them, reusing a specific hardware token is such s common practice that Apple would need to "redesign their entire authentication and delivery strategy" to mitigate this problem.
I guess we'll see how this statement holds up in the coming weeks/months.