"... guests literally reaching for their deadbolts."
Deadbolts won't help when you're not in the room. I recall a conversation about this at an ASIS conference a few years ago. Then it was more of a privacy issue; for example, the management systems records when the door was opened, and by whom. It's not unlike using EZPass to record who goes where and when, or mobile phone GPS data to track movements. Law enforcement and divorce lawyers have a field day with this.
Because hackers can unlock and start cars, not to mention hijack drones, why should we be surprised they can spoof keycards?