Why is a secret key necessary for remember me tokens if they are validated against the database?
In Spring Security, remember me tokens are validated by comparing them with values stored in the database. Given this, why do we need a secret key for generating the tokens? What additional security does it provide?