As a guy who has made a living in the network security business, and is really unhappy with the state of security on the Internet, I like to see proper security in the hands of real people.
The PayPal Security Key is exactly that. This key adds a second factor to the authentication process for your PayPal account. Instead of relying on just a fixed password to log into your PayPal account, you append to it a constantly changing passcode provided by the PayPal Security Key.
The PayPal Security Key is actually an RSA SecurID token. SecurID tokens are used by corporations everywhere to provide strong authentication to end users. I have to use my SecurID token a couple of times a day to keep my VPN connection to the office alive.
SecurID uses a hardware token with a value that changes every minute or so. The card is synchronized with a server, which validates the authentication attempt. So long as you do not lose this card, your authentication will be secure.
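A sketch of the server side of that exchange, added here as an illustration and not taken from PayPal or RSA: SecurID's own algorithm is proprietary, so an RFC 6238 style HMAC code stands in for it, and the 60-second step, 6-digit length, drift window, seed and all names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60     # seconds per code ("changes every minute or so"); assumed value
DIGITS = 6    # assumed code length
WINDOW = 1    # intervals of clock drift tolerated on either side

def token_code(seed: bytes, now: float) -> str:
    """Code the token shows at time `now` (RFC 6238 style stand-in, not SecurID)."""
    counter = struct.pack(">Q", int(now // STEP))
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:
    """Hypothetical validator holding the same seed as the user's token."""

    def __init__(self, seed: bytes, salt: bytes, password: str):
        self.seed, self.salt = seed, salt
        self.pw_hash = hash_password(password, salt)
        self.last_counter = -1                      # replay guard

    def login(self, submitted: str, now: float) -> bool:
        # The user types the fixed password with the token code appended.
        if len(submitted) <= DIGITS:
            return False
        password, code = submitted[:-DIGITS], submitted[-DIGITS:]
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        current = int(now // STEP)
        matched = None
        for counter in range(current - WINDOW, current + WINDOW + 1):
            expected = token_code(self.seed, counter * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = counter
        # Reject wrong factors, and any code from an interval already used.
        if not pw_ok or matched is None or matched <= self.last_counter:
            return False
        self.last_counter = matched
        return True

if __name__ == "__main__":
    seed, t = b"constructed-demo-seed", 1_700_000_000   # constructed sample values
    server = AuthServer(seed, b"constructed-salt", "hunter2")
    print(server.login("hunter2" + token_code(seed, t), t))      # first use
    print(server.login("hunter2" + token_code(seed, t), t + 1))  # replayed code
```

The drift window is what lets a token whose clock has wandered slightly still authenticate, and the replay guard is what stops a code observed in transit from being reused inside that same window.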
SecurID tokens come in a number of different shapes and sizes. The PayPal Security Key actually fits on your keyring. The one I use for work is about the shape of a credit card. It also contains a keypad on which I enter my own PIN, and the token hashes the PIN to a different value. The great thing is that the people who maintain the SecurID server don't even need to know my PIN. It just works. ;)