- can make no assumptions about the client's networking than port 443 available, even if only via a HTTPS proxy
- can make no assumptions about the client's software except they can speak an extremely common protocol
- want security to work the same way it does for the rest of your services
"web-scale" doesn't come into it. Websockets are inherently difficult to scale because they're stateful, but in return you get the lowest latency in both directions the underlying network can provide with extremely reasonable (2-4 bytes) overhead compared to raw TCP or SSL
