The stored token is compared with a passed token exactly like a password, so there is no reason to keep it in clear text in the database.
This will be important when we start supporting that token for something other than user profile information (which is usually readable by anyone anyway).
The only difficulty is finding a way to know which user this token refers to. I guess we can probably set the user reference in the optional access token scope; need to see if that makes sense. It could also be part of the token value itself (`<user reference>|<random string>`).
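
A sketch of the second option, with the user reference carried in the token value and only a digest stored. This is an added example, not code from the original post or the project: the function names, the in-memory `STORE` dict standing in for the database, and the choice of SHA-256 are all assumptions.

```python
import hashlib
import hmac
import secrets

SEP = "|"  # separator from the <user reference>|<random string> layout

# Hypothetical stand-in for the database: user reference -> token digest.
STORE = {}


def digest(token: str) -> str:
    # Assumption: the random part carries 256 bits of entropy, so a plain
    # SHA-256 is enough; a low-entropy secret would need a slow password hash.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user_ref: str) -> str:
    """Create a token, persist only its digest, return the clear value once."""
    token = f"{user_ref}{SEP}{secrets.token_urlsafe(32)}"
    STORE[user_ref] = digest(token)
    return token


def resolve_user(token: str):
    """Return the user reference the token belongs to, or None if invalid."""
    # Split on the LAST separator: the URL-safe random part never contains
    # "|", but a user reference might.
    user_ref, sep, random_part = token.rpartition(SEP)
    if not sep or not user_ref or not random_part:
        return None
    stored = STORE.get(user_ref)
    if stored is None:
        return None
    # Constant-time comparison of digests, as for a password hash.
    return user_ref if hmac.compare_digest(stored, digest(token)) else None
```

The digest covers the whole token value, so moving a valid random part under a different user reference does not verify.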