This makes sense for enterprise uses where an organization wants to keep private key material off a server, but don't want to spend the money for a enterprise security key manager.
Yes - I'm not saying it shouldn't be possible to configure it that way but it is not great that (at least for OpenPGP) there's no way to set it to require physical interaction to gain access to key functions on the NEO.
