PBFT can tolerate Byzantine failures. To tolerate f faulty nodes it needs at least 3f + 1 nodes. Suppose f malicious nodes fail to add blocks to their chains: this results in inconsistency, and one can then conclude that the identical chains held by the remaining 2f + 1 nodes are correct.
Also, correct nodes always output the same data for the same requests in the same order. In PBFT the identities of all nodes must be established, so there should be a central authority that decides whether a node can join the network.
This is needed because PBFT works by a voting mechanism, which is not a secure option by itself. For example, a value proposed by the primary can only be recorded on all nodes by way of state machine replication, which means that at least 2f + 1 matching messages are needed for the value to be accepted by the correct nodes. Without trusted identity management, a Sybil attack is possible. This is the main reason why PBFT is not suited to open blockchains, which allow any node to freely join or leave the network.
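
The 2f + 1 counting step with and without identity checks, as an added example that is not part of the original text. The node names, keys, HMAC vote format and function names are assumptions made for illustration, and only the vote count is modelled, not the full PBFT message phases.

```python
import hashlib
import hmac
from collections import defaultdict

def quorum(n):
    """2f + 1, where f is the largest value satisfying n >= 3f + 1."""
    return 2 * ((n - 1) // 3) + 1

def tag(key, node_id, value):
    """MAC binding a vote to the identity that cast it (assumed format)."""
    return hmac.new(key, f"{node_id}|{value}".encode(), hashlib.sha256).hexdigest()

def naive_accept(messages, n):
    """Counts matching messages without checking who sent them."""
    counts = defaultdict(int)
    for _node_id, value, _mac in messages:
        counts[value] += 1
    return sorted(v for v, c in counts.items() if c >= quorum(n))

def authenticated_accept(messages, registry):
    """Counts one vote per registered identity whose MAC verifies."""
    voters = defaultdict(set)
    for node_id, value, mac in messages:
        key = registry.get(node_id)
        if key is None:
            continue  # identity was never admitted by the authority
        if not hmac.compare_digest(mac, tag(key, node_id, value)):
            continue  # forged or altered vote
        voters[value].add(node_id)  # a set ignores repeated votes
    need = quorum(len(registry))
    return sorted(v for v, ids in voters.items() if len(ids) >= need)

def constructed_scenario():
    """Constructed sample: n = 4, f = 1; node3 is faulty and invents identities."""
    registry = {f"node{i}": f"key-{i}".encode() for i in range(4)}
    honest = ("node0", "node1", "node2")
    msgs = [(i, "block-A", tag(registry[i], i, "block-A")) for i in honest]
    msgs.append(("node3", "block-B", tag(registry["node3"], "node3", "block-B")))
    msgs += [(f"sybil{i}", "block-B", tag(b"made-up", f"sybil{i}", "block-B"))
             for i in range(3)]
    return registry, msgs

if __name__ == "__main__":
    registry, msgs = constructed_scenario()
    print("naive:", naive_accept(msgs, len(registry)))
    print("authenticated:", authenticated_accept(msgs, registry))
```

With raw message counting, both conflicting values reach the 2f + 1 threshold; with one vote per admitted identity, only the value backed by the honest nodes does.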