I will use Adam's explanation:

PKI tokens is the upstream default and has been since the start of the Grizzly development cycle.  However, the upstream Puppet package maintainers reversed this decsion when they ran into difficulty setting up the PKI certificaters.  Packstack uses the upstream puppet modules, and defaulted to UUID tokens.   We didn't discover this until late in the development cycle. At that point, all of the QA had been done on UUID tokens, and switching to PKI tokens was deemed too risky.

For the next release, the puppet modules have switched to using PKI tokens.

Added the new configuration key CONFIG_KEYSTONE_TOKEN_FORMAT to "Table 4.1. PackStack Configuration Keys" in "4.3. Running PackStack Non-interactively" saying it can be set to UUID of PKI, and although UUID is default, PKI is recommended as it will become default in future.

PackStack in interactive mode does not prompt for token format, so nothing added to instructions under "4.2. Running PackStack Interactively".

Added some further updates to "Table 4.1. PackStack Configuration Keys" in "4.3. Running PackStack Non-interactively", including correcting command argument formats.