Let's say you have a geoprocessing service made of a Python script. This GP service is protected with a token. It could be very useful to be able to retrieve the info of the user who made a request to this service (username, full name, role, email, etc.).
With token security, you can disable or enable requests to a service, but within the GP service, different actions could be taken depending on the user who made the request.
For instance, imagine a GP service that allows editing some field values in a table. It would be nice if we could allow edits on particular rows depending on the user. Without the information about the user, everyone who has a token can edit all the rows.
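The per-row restriction described above, sketched as an added example that is not part of the original post and uses no ArcGIS API. It assumes the server hands the script a `user` record derived from the validated token; the `parcels` table, its `owner` column, the role names and the sample rows are hypothetical, with `sqlite3` standing in for the service's table.

```python
import sqlite3

EDITABLE_FIELDS = {"status", "comment"}  # columns callers may change (hypothetical)


def build_sample_table():
    """Constructed sample data: each row records the user allowed to edit it."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE parcels (id INTEGER PRIMARY KEY, owner TEXT, status TEXT, comment TEXT)"
    )
    conn.executemany(
        "INSERT INTO parcels VALUES (?, ?, ?, ?)",
        [(1, "alice", "open", ""), (2, "bob", "open", ""), (3, "alice", "closed", "")],
    )
    return conn


def apply_edits(conn, user, edits):
    """Apply (row_id, field, value) edits on behalf of `user`.

    `user` is a dict with 'username' and 'role', assumed to be derived by the
    server from the validated token and never taken from request parameters.
    Returns (applied, denied) lists of row ids.
    """
    applied, denied = [], []
    for row_id, field, value in edits:
        if field not in EDITABLE_FIELDS:
            # Unknown or protected column (e.g. 'owner'): refuse outright.
            denied.append(row_id)
            continue
        # `field` is allowlisted above, so interpolating it is safe; values are bound.
        sql = f"UPDATE parcels SET {field} = ? WHERE id = ?"
        params = [value, row_id]
        if user["role"] != "admin":
            # Ownership is enforced in the WHERE clause, so the check and the
            # write happen in a single statement.
            sql += " AND owner = ?"
            params.append(user["username"])
        cur = conn.execute(sql, params)
        (applied if cur.rowcount == 1 else denied).append(row_id)
    conn.commit()
    return applied, denied
```

With only a valid token and no identity, the `AND owner = ?` clause has nothing to bind, which is the situation the post describes: every token holder can edit every row.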