Because friends don't let friends run crappy firmware with back doors/known problems.
Disclaimer: I work for Red Hat on the Security Response Team and I'm one of the cloud guys so I'm biased (but I also work with OpenStack upstream). I'm also the CVE guy (plug: remember kids, get your CVEs early and life is better for everyone! http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html).
Adding support for this into OpenStack for AWS EC2 is really the wrong layer, this makes a lot more sense in the Orchestration layer. We already have a product that supports this: CloudForms, it can manage systems via OpenStack, RHEV, AWS EC2, etc. referred to as Open Hybrid Cloud/. Another aspect of this is that many customers already have significant investments in virtualization infrastructure, asking them to throw it all out for OpenStack (so all the software, training, backup software, etc.) won't always happen (although many are quite happy to add OpenStack to the mix).