There aren't that many use cases for tunnel-mode I don't think.
The one major one I can think of is if the VLANs you want to put your wifi traffic on are not present on the switch your AP is connected to.
This might be the case in networks where there's routing at/to the access layer, but you still want all your wifi devices to be in one subnet.
(possibly at a remote location?)
If you've got a mesh network w/ secured SSIDs:
I don't know if the mesh connections are encrypted, so it might make sense to build an encrypted tunnel back to the controller to keep the data secure.
AFAIK: the tunnel overhead is significant.
Also, tunneling traffic back to a central point is a bottleneck regardless of CPU overhead. (especially when 802.11ac hits) Each AP could push a large fraction of a gigabit's worth of traffic. If your controller only has 1-gig connectivity it could be a bottleneck even with a small number of APs.
Other controller based solutions *require* tunnels because most of their features are implemented in the controller, not the AP.
Ruckus avoids this bottleneck by putting most of the intelligence in the AP itself.
So you don't want to have too many APs in tunnel mode.
Design your environment to avoid it when possible.