A passive fail open kit uses a control connection to the sensor. The fail open kit will go into bypass when the control connection is lost or the sensor signals for it to do so based on an interruption on the associated monitoring ports.
An active fail open kit uses network traffic as a heartbeat. If the heartbeat is interrupted, the active fail open kit will go into bypass without any interaction required with the sensor.
Here is the documentation reference:
http://kc.mcafee.com/corporate/index?page=content&id=PD24269 (pages 25 and 26 discuss fail open)
Besides what gfergus1 said, I think there is another reason, or it is the key reason, why you should choose one or the other solution. With the passive FOK there is a small downtime in the network traffic flow because the endpoint network devices attached to the FOK lose the network link signal when the FOK switches traffic. With the active FOK in place, the switching process has no downtime in the network traffic flow because the active FOK has its own power source and there is no network link loss.