Just wanted to add my comments based on my recent experience.
1. The FIM failing may be fixed, I haven't come across this error in any recent installs.
2. Similarly, the Policy.11.0.Microsoft.SharePoint.Security.dll in GAC doesn't appear. In any case, its not specific to AutoSPInstaller.
3. The PerformancePoint database now has correct permission, the script gives the Farm account db_owner.
4. Of those services, the Claims to Windows Token Service now gets started if you specified it in the XML. The others don't get started but are probably not needed anyway (in most installs).
5. The script doesn't set the cache accounts on the Central Admin Web App, but good to have that warning out there anyway.
6. No change to health analyzer rules, a lot of them don't make sense but its no different than if you'd use the GUI to install SharePoint.
7. The SessionState = true does not get applied via AutoSPInstaller or the GUI. Not sure if this is a good idea anyway unless you need it.
8. NETWORK SERVICE does get read access to the folders listed via the WSS_WPG group.
9. Sync Connections have to be configured afterwards. I don't think this should be automated anyway.
10. Crawl still has to be started manually, which is probably a good idea :)
Good notes Craig, will incorporate these into an upcoming blog post.