Comment 1 for bug 1211602

Yes, but to expose it in its current form, it will leak tokens that, while revoked, might not yet be identified as such by a service. There will be a window in which a revoked token will be usable, and this open a security vulnerability.

We are goint to redo the revocation in Icehouse timeframe.