Changing this behavior now would be a major API breakage: any client which communicate with XWiki using preemptive authentication and does not force basic auth with "basicauth=1" (which is the case of the XWiki extensions repository client for example) would be broken.