And how much of that security do you really think is attributable to chip-and-pin and how much is attributable to the fact that your card never leaves your sight?

As with so many things, they're using encryption in ways that encryption was never designed for. At this point, you're trusting the device that the retailer provides, which is the party that you're intending not to trust. In other words, you're intentionally trusting a man in the middle.

In order for any reasonable system to work, you have to push the encryption back to the card itself. And, yes, I know that the smartcard chip does actually do encryption, but the only reader for it is the retailer's device. Fortunately, Visa is actually looking at technology like this in their Emue card.