It's been a while but the last time I used PIA I noticed that their configurations were woefully insecure (BF-CBC Ciphers, no tls-auth, pre-shared keys instead of certificates). This was maybe a couple of years ago.
Yes, they recently updated their OpenVPN configuration and now have a 'strong' OpenVPN config option.
>All our servers are now running OpenVPN on UDP port 1197 with our 4096bit RSA server certificate, 4096bit Diffie-Helman key exchange, AES-256-CBC, SHA256 and TLS v1.0-1.2 support.
