My understanding of accessing a Citrix XenDesktop from a home PC is:
Download the Citrix plugin. Go to the Citrix XenDesktop server in a web browser. Type in information, including PIN and number from RSA hardware token.
At this point I am logged in and can access the desktop.
My question is, why do I not have to first connect via VPN? Is this method of using the RSA token sufficient to make the connection secure, thereby eliminating the need for a VPN connection?
Assuming the connection is https:// (and not http://) its secure. This IS your 'VPN' for all intents and purposes. 'VPN' makes the connection between your PC and your company secure and data can be manipulated locally on your desktop or at any connection point between. However, with Xen, you're only viewing screenshots of a desktop running on a server in your company's data center. The only thing residing locally on your computer is the image... not the actual data. Does that answer your question?
The newer versions of XenDesktop authenticate by using what you could call a "fake" VPN. If your external citrix URL was https://citrix.company.com then it would flow like this:
Client --> citrix.company.com --> Virtual IP gets created --> Access is granted based on client credentials --> "VPN" is created --> Desktop is streamed back to user
In a nutshell you could say that Citrix is doing the VPN part for you through a variety of their own methods, which prevents the end user from having to learn how to perform the extra step of making a VPN connection to your servers.
