I agree with you, but there is zero risk w/r/t PCI:DSS if you use the FIPS standard.

The difference is that one way your lawyers won't even need to make an argument and the other way they might have to make an argument.