Not all of them have been, however. Ethereum was arguably not a security. It's not necessarily a security offering if you are putting something up for sale that has a value of its own, or will have a value when the transaction occurs, such that people buying the thing are not expecting to get anything like a "return on investment", and are not expecting to somehow profit from the work of the company who is making the sale.

Consider Kickstarter-style presales: the people who buy these offerings are buying a product, not investing in the company. If you were, for example, just selling a token where the token has some intrinsic value (such as enabling you to pay for distributed compute or storage), and where you're clear to buyers that there's no expectation of any kind of return, just the token's intrinsic value, then that's probably not a security.

I believe I also read that there are requirements that the thing-you're-buying have value at the time the transaction takes place, though I'm less sure about this. If you take presales for a token that doesn't even exist yet, with a plan to fund actual development of the token off the presale funds, then that may be a security. If the token that you sell has value at the time you sell it, or will have value at the time the transaction takes place, then that's probably not a security.

If you read the Ethereum project's presale materials, they were very careful to stay within all of these boundaries, from what I can discern. This is my layman's analysis of securities law - IANAL.