You have to be able to get new keys made without having an original to read. A database of VIN, key would be too big of a target and would have to be shared with dealers anyway so they could program new ones. I'm not a security expert, but it seems like it would really shorten battery life on the fob if you wanted to protect against replay attacks by adding a time-sensitive value.
mppm|10 months ago
As for replay attacks, that's where the button press comes in (like on a hardware security token) -- the key only responds to challenges within a second or so of a button press and the car sets a similar timeout for validity.
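
The button-gated challenge-response described in the comment above, as an added example that is not part of the thread or of any real fob's firmware. It assumes an HMAC-SHA256 response over a shared key and a 1-second window; all class and function names are hypothetical, and time is passed in explicitly so the behaviour is deterministic.

```python
import hashlib
import hmac
import secrets

WINDOW = 1.0  # seconds; assumed value for "a second or so"

class Fob:
    def __init__(self, key: bytes):
        self._key = key
        self._pressed_at = None

    def press(self, now: float) -> None:
        self._pressed_at = now

    def respond(self, challenge: bytes, now: float):
        # Stay silent unless the button was pressed within WINDOW.
        if self._pressed_at is None or not 0 <= now - self._pressed_at <= WINDOW:
            return None
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Car:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # (challenge, issued_at) awaiting an answer

    def issue_challenge(self, now: float) -> bytes:
        self._pending = (secrets.token_bytes(16), now)  # fresh random nonce
        return self._pending[0]

    def verify(self, response, now: float) -> bool:
        if self._pending is None or response is None:
            return False
        challenge, issued_at = self._pending
        self._pending = None  # each challenge is single use, pass or fail
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        in_time = 0 <= now - issued_at <= WINDOW  # the car's own timeout
        return in_time and hmac.compare_digest(expected, response)

def demo():
    key = secrets.token_bytes(32)  # constructed sample key
    fob, car = Fob(key), Car(key)
    fob.press(now=0.0)
    recorded = fob.respond(car.issue_challenge(now=0.1), now=0.2)
    fresh = car.verify(recorded, now=0.3)
    car.issue_challenge(now=5.0)  # new nonce, so the old answer is useless
    replayed = car.verify(recorded, now=5.1)
    fob.press(now=20.0)
    late = car.verify(fob.respond(car.issue_challenge(now=20.1), now=20.2), now=22.0)
    return {"fresh": fresh, "replayed": replayed, "late": late}
```

Neither side needs a synchronized clock here: each one only measures elapsed time against its own event (the button press on the fob, the challenge issue on the car).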