Via Don Box's recent post and a comment in Sam Ruby's reply, I found this presentation: worth reading. The latest version (together with a lot of other stuff the same folk have presented) can be found here.
The main message surely is to make the first gate as secure as you can: SSL + certificates. After that, if you need/want additional security, then I think I agree with Don that uniformity, at least at the authentication level, is desirable. I just don't see where vested interests or additional value accrue from doing otherwise.