As far as I know, they still need classical encryption methods (with something like shared secret key or public key for authentication) to detect active man in the middle attacks where the attacker prevents the parties connecting to each other and then pretending to both parties to be the other party by creating his own "messages" as if they came from the other party. Or at least to have some kind of additional trusted physical medium where it is impossible to prevent the parties communicating directly, capturing their "messages" and then sending your own modified "messages" instead -- perhaps based on some kind of timing etc.

And if you still have to rely to classical encryption methods to make sure you know the identity of the other party (to prevent active man in the middle attack), why not just use classical encryption methods for everything else as well, instead of using quantum key distribution?