It's not obtuse enough yet!
What I think is that the Atom API should use more random parts of the HTTP spec. Instead of just adding an additional header with something like <action>update</action>, it should overload those HTTP verbs that are just so underutilized out there like PUT and DELETE. I mean, they're there for a reason, right? Or hell, if not, let's invent one. Also, instead of using an XML based stanza for security like Jabber (you know, that completely useless and horribly written XMPP spec), let's use HTTP headers instead. And not just *any* HTTP header, let's find something completely unsupported by popular web tools like PHP so only really dedicated developers will use it, something like HTTP Digest Authentication. Yeah, that's the ticket!
Oh wait, they're doing just that! Great! I was worried that the spec wasn't geeky enough. Phew! Good thing. I mean, I hate simplicity for simplicity's sake.