You are reading my statement wrong. I was saying that specifically about blockchain.info. On MtGox, the yubikey is still a one-time password generator, although it never has been time dependent. It is not a TOTP token. Read more at
http://yubico.com/So, you mean that every password generated by a Yubikey can only be used once on Mt. Gox ... but that one time can be in whatever time in the future.
Suppose I generate a Yubikey, and for fun just generate an OTP into notepad, to test that it works.
Then, I connect to Mt. Gox, and use the Yubikey to generate another OTP.
If a Trojan sniffs the first OTP, will it be able to use it later on to login?