Only thing I can think of? It solves MITM attacks accidentally allowing withdrawals.
If you MITM someone, get a login session to MtGox, you can't just "oops you're logged out" the client end in order to get another yubikey code to let you withdraw... because that would be a login code not a withdraw code. In order to actually steal from someone, you have to MITM the login session and the withdraw request, replacing the withdraw request with your own information.
It's not a huge leap of security, but it ups the bar a bit (because the user has to want to create a withdrawal while the attack is going on).