Based on the outcome of the 2008 hack, some of vulnerabilities (value stored on card, not remote server) still remain today.

AFC 2.0 has been delayed for many years, this new MIFARE attack vector will remain for a while longer as well.