Generating and verifying keys are two different things entirely.  Reverse engineering the code that checks the validity of a serial number will not necessarily provide any information on how to actually produce valid serial numbers.  If the serial numbers function as keys to decrypt a certain block of data, one is not going to be able to easily generate any new serial numbers; at the very least they are going to need some valid ones to start with.

So while the casual pirate may be able to download a keygen to generate a serial number for some program he doesn't feel like paying for and won't have any need of a serial database; for the cracker who programmed the keygen, the database of serials may serve as a valuable resource.

One thing that greatly helped the cracking of CSS was the fact that one of the licensees didn't do enough to secure their key; once it was extracted the team was able to generate the rest of the keys.  Had that not been the case it would have taken them considerably longer to crack, possibly with the bulk of the time taken up just by trying to find that first valid key.