The token can be issued with a commitment to the pubkey of the receiver that is enforced by the mint, and that commitment can be verified by every reader; that's what nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg told me. This is very necessary for the protocol to work in a public environment.
We probably also have to check if the tokens are issued by the set of mints specified as trusted by the receiver.
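
A reader-side sketch of the two checks in this post, as an added example that is not code from the post or from any project. It assumes Cashu-style tokens whose proof secrets use the NUT-11 P2PK layout (the post names no format); the helper names, mint URL and key are constructed. It checks the lock and the mint allowlist only, not the mint's signature on the proofs.

```python
import json

# Assumption (not stated in the post): Cashu-style tokens whose proof secrets use
# the NUT-11 layout ["P2PK", {"nonce": ..., "data": <pubkey hex>, "tags": [...]}].

def normalize_mint(url):
    """Compare mint URLs case-insensitively and without a trailing slash."""
    return str(url).strip().lower().rstrip("/")

def lock_pubkey(secret):
    """Pubkey a proof is locked to, or None if it is not a plain single-key lock."""
    try:
        kind, body = json.loads(secret)
    except (ValueError, TypeError):
        return None  # plain random secret: a bearer proof with no commitment
    if kind != "P2PK" or not isinstance(body, dict):
        return None
    tags = body.get("tags") or []
    if not isinstance(tags, list):
        return None
    names = {t[0] for t in tags if isinstance(t, list) and t and isinstance(t[0], str)}
    # Extra signers, refund keys or a locktime widen who may spend the proof.
    if names & {"pubkeys", "refund", "locktime"}:
        return None
    data = body.get("data")
    return data.lower() if isinstance(data, str) else None

def accept_token(token, receiver_pubkey, trusted_mints):
    """Return (ok, reason) for a token a reader wants to credit to receiver_pubkey."""
    trusted = {normalize_mint(m) for m in trusted_mints}
    if normalize_mint(token.get("mint", "")) not in trusted:
        return False, "untrusted mint"
    proofs = token.get("proofs") or []
    if not proofs:
        return False, "no proofs"
    for proof in proofs:
        if lock_pubkey(proof.get("secret")) != receiver_pubkey.lower():
            return False, "proof not locked to receiver"
    return True, "ok"

# Constructed sample data: a receiver key, a trusted mint list and a secret builder.
RECEIVER = "02" + "ab" * 32
TRUSTED = ["https://mint.example"]

def sample_secret(pubkey, tags=()):
    return json.dumps(["P2PK", {"nonce": "00" * 16, "data": pubkey, "tags": list(tags)}])
```
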