Because friends don't let friends run crappy firmware with back doors/known problems.
Disclaimer: I work for Red Hat on the Security Response Team and I'm one of the cloud guys so I'm biased (but I also work with OpenStack upstream). I'm also the CVE guy (plug: remember kids, get your CVEs early and life is better for everyone! http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html).
Adding support for this into OpenStack for AWS EC2 is really the wrong layer, this makes a lot more sense in the Orchestration layer. We already have a product that supports this: CloudForms, it can manage systems via OpenStack, RHEV, AWS EC2, etc. referred to as Open Hybrid Cloud/. Another aspect of this is that many customers already have significant investments in virtualization infrastructure, asking them to throw it all out for OpenStack (so all the software, training, backup software, etc.) won't always happen (although many are quite happy to add OpenStack to the mix).
I work for [redacted] which is why I won't say anything about [redacted] or especially anything about the [redacted] incident that [redacted] 17,000 people and caused the entire town of [redacted] to go bald and [redacted] at 3 in the morning.
Which is why anyone with an ounce of sense doesn't talk about their company (especially the higher up you go in the management chain). And especially never put it in writing. Duh.