Yes, servicePerPod was created exactly for the case where you have long-running transactions and they can fall under different cursors / mongos pods.
As for not scalable - what do you mean? Do you mean that if you scale mongos from 3 to 5 nodes your certs will not be there? Or that your application will need reconfiguration?
In our experience, mongos sizing is quite static, as it is just a proxy and they do not consume a lot of resources, so scaling is rare.