The alternative is we just say "Components are privately-authenticated S2S
connections", and invoke BiDi and SASL auth and make it happen. This is
functionally equivalent, but differs in that components are no longer
special in any way (aside from near-mandatory support for XEP-0288), aren't
backwards compatible with the older protocol, which becomes obsolete. That
appeals to my sense of purity, and is likely significantly more secure in a
number of ways. (At the very least, the security profile would be better
understood.)

Well, I think the primary differences are that
a) components will appear in disco#items
b) a server won't attempt to connect to a component
