I think that we want the authentication mechanisms to be add-on modules and keep the core pretty lean. For instance, we will be moving the OpenID authentication mechanism into an add-on module.
However, exactly what is in the module might change over time :-)