I've just read the following:
And DO NOT STORE THE PERSISTENT LOGIN COOKIE (TOKEN) IN YOUR DATABASE, ONLY A HASH OF IT! The login token is Password Equivalent, so if an attacker got his hands on your database, he/she could use the tokens to log in to any account, just as if they were cleartext login-password combinations. Therefore, use strong salted hashing (bcrypt / phpass) when storing persistent login tokens.
(in this answer: https://stackoverflow.com/a/477578/943102)
I thought that hashing is supposed to be used because people use the same password on multiple sites and it prevents the attacker from breaking into other accounts of the same user. Since the login token is a random value, this risk is not present in this case. I'm obviously missing something but I couldn't find any further information about this. Can somebody explain?