Why not?
We use credit cards every day with little or no security (at least, in the US).
The watch is already more secure than that, because it requires a PIN to authorize it each time we put it on. That's logically the same as requiring a PIN each time it's used. If someone steals it off our wrist, it's de-activated for payment.
--
That said..
The watch could either act as a dumb communications intermediary, or handle the NFC transaction locally.
If it just passes info back and forth from the phone, then it needs no Secure Element.
However, the watch very likely handles things locally, simply because entire tap transactions have time limits as low as 150ms, and we wouldn't want things to get screwed up waiting to talk to the mother phone. So it would have a copy of our info... or more likely, a time-limited copy.
If it does handle it all locally, then it'll need a Secure Element not so much for the info itself, which should be pretty safe from sandboxed third party apps (unless someone figures out a way to jailbreak the watch), but more so that it can run its own local copy of each of the card scheme specific payment apps.
Which brings up again the whole topic of who provisions the MC/ Visa/ Amex/ etc apps in the SEs. Normally this is done via a link of backend providers and trusted service managers like First Data. Doesn't the watch have WiFi? Maybe it can access updates on its own?
You're right that Apple Pay is more secure than a credit card, but from what I understand of it, a big part of that security comes from using the secure element on your phone. So if the watch doesn't have a secure element, and can be used for Apple Pay without being paired to a phone, then it better have its own secure element.
For non-Apple Pay transactions I use the Google Wallet card, which is also more secure than a credit card and has its own secure element, albeit in the cloud.
As long as the watch has a secure element I will have no problems using it for Apple Pay.
