A transactional website that is open to everyone, should be able to protect its assets against malicious intents. An insecure website has the potential to compromise the user data on one hand and on the other, its services can be disrupted, both of which will result in loss of business.
Currently, in cloudstack the inter VPC traffic has to go thru the public gateway. This means the traffic has to be nat-ed across public internet via core-routers, which is inefficient in itself. A more efficient approach will be to route the traffic within cloudstack and even better if no NAT-ing is involved.