I have used KDE for a long time. My laptop has an embedded 3G card that works better / more easily with NetworkManager/ModemManager than with more traditional (e.g. pppd, wvdial etc.) setups. Thus, I tried KNetworkManager.
However, I use WiFi networks with both WPA2 Personal, and WPA2 Enterprise, security. I don't mind my WiFi keys for the WPA2 Personal networks being stored somewhere, but I don't want my passwords for WPA2 Enterprise networks stored *anywhere*. Before trying NetworkManager/KNetworkManager, I would have all the WiFi configuration in /etc/wpa_supplicant.conf except the username and password, and run wpa_gui. The first time a specific instance of wpa_supplicant connected to said WiFi network, wpa_gui would pop up a dialog prompting for username and password, and I wouldn't need to enter the same credentials for the lifetime of that wpa_supplicant process (typically longer than the lifetime of the password).
However, with KNetworkManager, my options are:
In the 'Store' case, due to my KDE Wallet settings (including 'close when screensaver starts'), now every time I resume my laptop, I will be prompted to enter my KDE wallet password (longer/more complex than the WPA Enterprise password).
In the 'Always Ask' case, I am required to enter my password *every* *time* I associate to the the SSID.
So, maybe it is better than nm-applet (I haven't used nm-applet *that* much) or the Gnome 3 integration (which I only see when trying to help a colleague), but it most definitely isn't better than the old /etc/sysconfig/network-scripts in conjunction with wpa_supplicant approach that I have been using for the past 7 years. On Mandriva (and Mageia), the net_applet tool can do all that configuration anyway, so there really doesn't seem to be any benefit. Of course, systemd will most likely require NetworkManager only at some point. I hope someone fixes NetworkManager to be more sane before then.
At present, I don't care about having a WiFi network connected before a user is logged in. Surely on a typical laptop, that occurs once a month or so? We have network authentication with cached crendentials, and I can kinit after logging in anyway. If this is really a requirement, using TPM (with all of its failings) would probably be a better approach.