There is a debate right now among the Bitcoin Cash developers and stakeholders about tokens. I believe that we need tokens that are permissionless, unstoppable, anonymous, peer-to-peer, irreversible, trustless. Few people contest these requirements, but the debate have somewhat been over what trustless and permissionless actually means.

This is somehow surprising, that a crypto currency that has all those requirements, would meet resistance when trying to build a token with the same properties as the parent cryptocurrency on the same blockchain.

Example: A company have decided to create a EUR backed token with the exchange rate 1 to 1. The company behind this have no need for smart contracts, they only need to be able to issue and destroy tokens once in a while. After they receive a SEPA transfer from a customer, the customer is being sent his tokens directly. When the customer wants to redeem, he just sends the tokens back and get a SEPA transfer to his account the same day.

Since the tokens are built into the base layer of Bitcoin Cash, the miners (and nodes relaying them) validate the transactions. SPV wallets can receive tokens and every Bitcoin Cash user have the ability to hold tokens in any kind of wallet.

Now, the philosophical question is: Is this a trustless and permissionless token? You can trust the network and the miners because of Proof Of Work. If you can't trust the PoW, then Bitcoin is broken anyway.

One could argue that it's not trustless since every holder need to trust the issuer to hold up his end of the bargain and redeem the token. One could also argue that it's not permissionless since the issuer could blacklist certain tainted tokens, require KYC to redeem the tokens, etc.

When we talk about trustless and permissionless blockchains, what we actually mean is that we trust PoW. Trustless means you trust the blockchain to hold a correct ledger. Permissionless means that you may transfer your asset to anyone without asking for permission. Being able to redeem your token at a certain price is simply an agreement between two parties. These kind of agreements are outside the scope of the operation of the blockchain. You can always transfer the token to the issuer and expect it to be redeemed, but if you can't, it's not the blockchain's fault. Just like if you would buy any other product and not getting what you paid for is something that needs to be settled outside the blockchain. I would say that this argument that tokens cannot be trustless and permissionless is false.

The empirical evidence also supports this. The best evidence we have is the USD Tether. The USD Tether have been subject to a long trust debate in the Bitcoin space. The USD Tether is a token that is very hard; impossible for most people, to redeem. Yet, it still holds the value of 1 USD and is traded on many exchanges. The USD Tether is the most successful token on Bitcoin ever. This is despite the fact that only modified full nodes can hold the token, it's not supported by SPV clients and mostly exchanges use it.

There are more examples from the real world. Music festivals are expensive and complicated to run, and sometimes they end up filing for bankruptcy before the event. This have happened many times in Sweden. Every time this happens, other competing festivals that are happening around the same time offers discounts to anyone with a ticket from the cancelled festival. Here we have a case of the issuer (the festival) going bankrupt and ceasing operations, yet their tokens (the ticket) still hold value because the market have decided that it has value. It's a good way to acquire customers that otherwise would have stayed home.

This is why it's important to have permissionless tokens that is not dependent on the issuer. In any kind of authority based 2nd layer token protocol, tokens with defunct issuers will immediately lose it's value. Not to mention the risk of the same thing happening if their servers go offline of they forgot to pay the bill to the company that was supposed to run it.