Well, if libraries like OpenSSL check extendedKeyUsage by default but provide an option to disable this, then most apps benefit from more stringent security, but ones like Prosody with unusual use cases can continue to make those use cases work. That doesn't sound like the worst thing in the world, necessarily? (I'm not sure how Prosody actually implemented this, though, or whether OpenSSL actually works that way.)