Yet another reason...
For ensuring that the BES 'rendering' component is isolated on its own server(s) firewalled away from the rest of your BES infrastructure. Because the rendering service is on the BES infrastructure it is a potential backdoor on to a enterprise network.
This is not the first time the 'rendering' service has been a security hole .. PDF rendering has been an issue a number of times.