The KM server database contains the private encryption keys for every user in your entire organization. It is recommended that you back up all KM server data files in the Kmsdata subdirectory (for example, Exchsrvr\kmsdata\*.*) separately from other data and that you make sure these backup tapes are stored in a more secure manner than your everyday backups. All keys in these files are 128-bit RC2 encrypted, so this database is extremely secure.
The problem with tape cartridges is that they are maintained offline. If someone were to steal one, that person could restore the files to his or her own server, and then try to crack the key used for the database, with no fear of being detected, he or she is logging on online or is already logged on, or for various other reasons.