With PI Web API, PI Vision, etc. Kerberos delegation is almost unavoidable. But often clients don't understand Kerberos ("there is no ticket for that.."), making this a risk in any project.
While documentation recommends constrained delegation (due to the security benefits), does unconstrained delegation work for PI Web API / PI Vision / others? I would not see why it would not work. I do understand the security issue with that.