Actually it already has, see http://www.facebook.com/note.php?note_id=10150172618258920.

I use it too, but I must admit to wishing they would make it compatible with Google Authenticator or some other OATH implementation. SMS'ed text codes take way too long to be a good second-step when you're having to login everyday like I do (not to mention logging in from work where my reception is almost nil).

We're working on improving this flow.

However, if you tell us to trust a given computer when you log in, you shouldn't have to enter the code more than once.

I can't speak for the iOS app but the Android app will generate tokens.

It does, and I'm using it.