Re: FIPS 140-2 (Was Cheap)
"Considering that FIPS 140-2, IIRC, includes as part of the standard such ignominious technologies such as DUAL_EC_DRBG, that certification just doesn't have the same 'ol shine it used to, for some people."
Apart from using an HSM as good practice in securing crypto, HSMs are used as a component in PKI because software-only security is frowned upon in regulated (financial, government) environments. Insurers won't insure and regulators won't approve systems unless they have FIPS 140-2. They also don't listen to argument that an algorithm is flawed as long as it is approved.
However: " Dual EC_DRBG has been removed, as it is no longer approved"