RFID should be considered only one component in a holistic architecture of security. Since data base security is well documented any information should not be stored, but rather be on the database. This is what US department of motor vehicles have been doing for years - the car license plate can be read by anyone, but only those with access to the database can find out what it means. Secondly, there needs to be much more education regarding the physics of how RFID actually works. In my book RFID for Dummies I talked about the fear mongering that Hollywood suggests with people tracking. Physics dictates the impossibility of those fallacies.