If you try to buy a smart card based on ARM processors you must not only fill in an NDA (including promising not to publish any software), but you must also make sure that it doesn't endup in a "bad place".  This is why you cannot buy any of that stuff over the web.

Now to question: MBED with cryptosoftware will be a very potent smart card (performance-wise) although it doesn't have all the fancy protection mechanisms that regular smart cards have.

Is this a way to circumvent the stupid license requirements for crypto?

What country are you in and where are you buying mbeds from? I didn't have to fill in any documents when buying mbed from Mouser in U.S.

AFAIK only U.S. has such restrictions and I think they only apply when you're exporting software or hardware from there. Also, I think that in case of hardware it's required only if it has any kind of crypto accelerator, which mbed's LPC doesn't have. So unless you bundle the software with it I don't think you should have problems.

Wikipedia has some info.

I'm in Sweden.  I guess this has to do with encryption key storage rather than crypto accelerators since a PC beats most smart cards by a mile.  I wll not bundle the software, proof-of-concept verfiers will have to download the binar from my site.

Thanx
Anders