Let's Learn from the Odin.fun Hack - Preventing Attack Vectors

What is the concrete gap you see that should be filled? All DFINITY can really do is provide best practices. I am sure that if it makes sense to add, the security team will be happy to provide better docs.

I still do not understand what exactly you mean when you talk about “token security”, please elaborate a bit more. As @skilesare already pointed out, the hack on Odin had nothing to do with ICRC-1.

I am not sure if I agree here. Of course Internet Identity is an awesome way to integrate user authentication into a dapp, still the dapp should be free to decide which authentication method to choose. In the case of Odin it was SIWB, which had a serious bug that could be exploited :frowning:

However, when it comes to storing assets and actually using (ICRC-1) assets on ICP across different applications, then it might be better to store these in a separate wallet/signer (e.g. OISY) and handle token-related activities with the signer standard, which is being adopted by many DeFi-related dapps as we speak. Please note that you could still use II for authentication/login and then request access to funds from another wallet/signer only for token-related activities.

Björn actually provided his point of view in a relevant post here in the forum back in November: PoV: Do not use ICRC-28 for Defi

And again, this is still not at all related to what happened to Odin.