Imagine MtGox used a secure ID keyfob that generated a 6-digit keycode instead of what it generates now.
That would be 17 bits of security, and it's the same as what PayPal is using. The real question would be how many times must one get the YubiKey code wrong before the provider blocks out the account?
Ultimately, what would be the most secure is if there was a mode where every single action (for the most paranoid) had to be PGP signed. This would give an advantage to MtGox, as they would have reproducible proof that every action they took was properly signed, and there would be no more contention of "my money's gone" vs. "it's not our fault, scan your computer". Yubikey can't provide this.
That said, I haven't seen anybody say "my money's gone and I use YubiKey", so I have no reason to suspect that anyone recently claiming a loss experienced a loss as a fault of MtGox.