Currently, nodes only use the latest policyfile uploaded to Chef Infra Server. Policyfiles are great because they are immutable (so someone can't change the cookbook source, put bad code in and cause issues to your nodes) but someone CAN upload a new policy (overwriting the existing policy that your nodes are happily using) and your nodes will use that new policy, bad code and all.
Pinning a node to a policy revision ID would mitigate this issue, further reinforcing the awesomeness of Policyfiles:
knife node policy set nodename --policy-name mypolicy --policy-revision 8f33d94d52 --policy-group prod
knife bootstrap IP -U username -i key --sudo --policy-name mypolicy --policy-revision 8f33d94d52 --policy-group prod