In the JS script, include the nonce in data, as in the following example:
jQuery(document).ready(function($){
data = {
action: 'hello',
token: $( '#token' ).val()
}
$('#stupid_form').submit(function(){
$.post(ajaxurl, data, function(response){
$('#response').html(response);
});
return false;
});
});
Additional Note
<?php wp_nonce_field('hello', 'token'); ?>
generates a hidden input with a markup similar to:
<input type="hidden" id="token" name="token" value="d9e3867a0e" />
i.e. the nonce name becomes the name as well as id of the input.
That explains the token: $( '#token' ).val() in the code I provided, where the format is NONCE_NAME: $( '#NONCE_NAME' ).val().
However, you may also target the name like so: token: $( 'input[name="token"]' ).val()