My thoughts are it is one of two things:
- Apple is concerned about security (which would support John's theory)
- Mobile Safari is binding to a newer and/or private version of Webkit, and Springboard was an oversight
- Apple is concerned about breaking existing applications
- I would argue this makes the most sense, and was probably a very deliberate action by Apple, given enabling Nitro is a significant enough change to a core framework that could break existing applications.
- Would also explain the oversight in Springboard, if it was not opted in.
Gruber also makes the following statement:
Apple, as of iOS 4.3, trusts Mobile Safari enough to allow this. The upside is that Mobile Safari is now significantly faster. The downside is that any security exploits against Mobile Safari now potentially allow worse things to happen than before.
I would disagree, as many of the previous Jailbreak exploits in iOS such as this example were via Mobile Safari, without a JIT engine, simply exploiting the stack and other typical attacks to elevate privileges. As Apple continues to get a handle on these security issues, running dynamic code shouldn't be a problem.