I don't think that is quite correct. There is per-transaction stuff going on but it isn't being tokenized for every transaction.

The token is stored in the secure element but is generated by the Token Service Provider (for example Visa Token Service).

After reading the EVM token spec linked in the post[1] and the developer guide I think I'm able to answer my own question.

The card is only tokenized once (or at least not per-transaction). For in-app purchases it is using 3-D Secure and for NFC is it using EMV, both of which provide some per-transaction security. Unlike a standard card the token will only work with 3-D Secure or EMV. For example a standard Chip&Pin card could still have it's mag-strip data extracted by a malicious POS system and used at a merchant that only uses magstripe terminals. With Apple Pay (and any other network token based system) a copied token would be worthless because it can't be used at a magstripe terminal.

Basically the phone is acting both as an automated 3-D secure checkout (it is processed by the processors just like 3-D secure but the authentication process is automated) and as a contactless EMV card without the downside of also having a magstrip with the PAN on it.

[1]http://www.emvco.com/specifications.aspx?id=263