I can see one massive advantage is that you could disable the db access/verification for service-to-service communication, since revoking an internal service token is exceptionally rare (and if it occurs, you have much bigger problems to worry about).