Ok, in doing some research for the MOC Course, I found this juicy tidbit of information in MSDN
Secure store service and claims authentication
The Secure Store Service is a
claims-aware service. It can accept security tokens and decrypt them to
get the application ID, and then perform a lookup.. When a SharePoint
Server 2010 Security Token Service (STS) issues a security token in
response to an authentication request, the Secure Store Service decrypts
the token and reads the application ID value. The Secure Store Service
uses the application ID to retrieve credentials from the secure store
database. The credentials are then used to authorize access to
resources.
That's just freaking cool…blows the old Enterprise Single Sign On functionality out of the water…good job Microsoft!
Also check out this cool post by Mike on SSS API
Chris