It wasn't clear to me what security benefit you're describing here.  What
*specifically* do you think this improves security wise?

Example:
Say you have NFS server 'polaris' and NFS client 'deneb'. You want to mount polaris share on deneb using krb5 security. For this you need nfs/ principals in /etc/krb5.keytab on both machines.
On deneb you need a UPN principal in form of nfs/.... for the rpc.gssd daemon because it is not treated as a service principal, in reality it is used to get a TGT so hence it must be UPN
On polaris1 you also need a nfs/ principal, but it is sufficient to be a SPN. Polaris1 machine is Server providing a Service so hence SPN is fine here to make rpc.svcgssd happy.

And how does it affect security? Easily - if you declare nfs/ UPN principal for deneb and nfs/ SPN principal for polaris, you making sure that only polaris can be used as a NFS server and deneb as a NFS client and not vice-versa.