Tokens, also known as session tokens, are susceptible to different types of attacks if not secured properly. Although tokens can be scoped, if token handling mechanisms are not implemented with strong security controls, such as proper encryption and validation measures, they can still be intercepted and misused by attackers. The correct answer reflects the understanding that without adequate security controls, even well-scoped tokens can be vulnerable to interception and unauthorized reuse.