Comment 1 for bug 1329864

That's originally by design, but I agree with the notion that users should be able to delete their own tokens, even though it's traditionally an administrative function (I see it as "logging out").