The root token should be revoked and never stored after initial setup because it provides complete access to the system. Keeping it active and stored increases the risk of a security breach. Best practices for security recommend minimizing the existence and usage of this powerful token to avoid potential misuse.