The trouble with rewarding token usage is the same as rewarding LOC written/generated - if that's what you are asking for then that is what you will get. Asking the AI to "scan the entire codebase for vulnerabilities" would certainly be a good way to climb the leaderboard!
Absolutely, no one should be rewarded for either tokens used or LOC generated.
I just think in the absence of any incentives, token usage is a better heuristic as to value produced than LOC generated.
