Keystone is responsible for account authorization and authentication for all OpenStack services. As such, all communication over the Keystone API is sensitive. Information such as tokens, account credentials, and passwords is sent in clear text over the network. If the communication transport to the Keystone API is compromised, the whole OpenStack environment is at risk. For example, in a man-in-the-middle (MITM) attack, tokens or user credentials can be stolen, resulting in full access to and control over the whole OpenStack environment.
To reduce the risk of sensitive data being intercepted, it is highly recommended to protect Keystone API communication with SSL/TLS, so that all traffic to the Keystone API is encrypted.
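One way to check that a service actually reaches Keystone over verified TLS, shown as an added example that is not part of the original page or of OpenStack's own code. It assumes the service configuration has a `[keystone_authtoken]` section using the keystonemiddleware options `www_authenticate_uri`, `auth_url` and `insecure`; the sample configuration and host name are constructed.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: a service configuration fragment with illustrative values.
SAMPLE_CONF = """
[keystone_authtoken]
www_authenticate_uri = http://controller.example.test:5000
auth_url = https://controller.example.test:5000/v3
insecure = true
"""

# Options that carry the Keystone endpoint a service authenticates against.
URL_OPTIONS = ("www_authenticate_uri", "auth_url")
TRUE_VALUES = ("true", "1", "yes", "on")


def audit_keystone_transport(conf_text, section="keystone_authtoken"):
    """Return findings for settings that leave Keystone traffic exposed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    if not parser.has_section(section):
        return [f"[{section}] section missing"]
    opts = parser[section]
    findings = []
    for name in URL_OPTIONS:
        url = opts.get(name)
        if url is None:
            continue
        scheme = urlsplit(url.strip()).scheme.lower() or "none"
        if scheme != "https":
            findings.append(f"{name}: scheme {scheme} is not https")
    # With verification off, TLS encrypts but no longer authenticates the
    # server, so a man-in-the-middle can still present its own certificate.
    if opts.get("insecure", "false").strip().lower() in TRUE_VALUES:
        findings.append("insecure: certificate verification is disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_keystone_transport(SAMPLE_CONF):
        print(finding)
```

An empty result means every Keystone URL in the section uses https and certificate verification has not been switched off.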