pem-dev

Re: DES EDE vs. EEE

1993-05-21 15:39:00
Carl,

        When PEM was developed, we tried to design it for use in both
symmetric and asymmetric key management environments, and the first
PEM implementations were based on symmetric key management.  

        Your observation about room for an IV, or several IVs and
multiple keys in a single block encrypted under RSA is true in this
case, but need not be true in general.  Thus, from the standpoint of
trying to design a protocol that is largely algorithm independent, it
would be undesirable to specify encryption of the IV along with the
message key, unless there was strong motivation to do so.  The
argument of "it fits" might not always be true.  Also, there is a
design goal of using techniques which are amenable to hardware as well
as software implementation.  Many good comsec module designs strongly
separate KEKs vs. DEKs and IVs.  The modules usually follow the
modified "Roach Motel" principle: "keys go in but they don't come
out."  Encrypting an IV along with the DEK requires the module to tell
the two apart and to use each appropriately.  This potential problem
is avoided by keeping what gets enciphered under a KEK (in this case,
the public key of the recipient) to be just the DEK (the message key).
Admittedly this may not be a high priority now in the Internet, but it
is a good design principle to follow.

        So, there is more than a matter of coding taste involved here.
There are broader design goals that motivate the specific structure
adopted in PEM.  I believe they are still relevant.

Steve
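
The module boundary described in the message above, as an added sketch that is not part of the original post or of any PEM implementation: the KEK wraps exactly one DEK, key bytes are reachable only through handles, and the IV is an ordinary caller-supplied input. The `Module` class and its method names are hypothetical, and the HMAC-based keystream is a stand-in for DES and RSA.

```python
import hashlib, hmac, os

KEY_LEN = 8  # DES-sized DEK, as in the thread; the cipher below is only a stand-in

def _stream(key, nonce, n):
    """Stand-in keystream (HMAC-SHA256 in counter mode); not DES or RSA."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Module:
    """Hypothetical comsec module: key bytes go in, only handles come out."""
    def __init__(self):
        self._keys = {}  # handle -> (role, key bytes); never returned to callers

    def _store(self, role, key):
        handle = len(self._keys) + 1
        self._keys[handle] = (role, key)
        return handle

    def _use(self, handle, role):
        have, key = self._keys[handle]
        if have != role:  # a KEK is never usable as a DEK, or the reverse
            raise PermissionError(f"handle is a {have}, not a {role}")
        return key

    def load_kek(self, key):
        return self._store("KEK", key)

    def wrap_new_dek(self, kek):
        """Generate a DEK inside the module; export it only wrapped under the KEK."""
        dek, nonce = os.urandom(KEY_LEN), os.urandom(8)
        pad = _stream(self._use(kek, "KEK"), nonce, KEY_LEN)
        return self._store("DEK", dek), nonce + _xor(dek, pad)

    def unwrap_dek(self, kek, blob):
        nonce, body = blob[:8], blob[8:]
        if len(body) != KEY_LEN:  # the blob is one DEK; nothing to parse or hand back
            raise ValueError("wrapped blob must hold exactly one DEK")
        pad = _stream(self._use(kek, "KEK"), nonce, KEY_LEN)
        return self._store("DEK", _xor(body, pad))

    def crypt(self, dek, iv, data):  # IV arrives from the caller, outside the wrap
        return _xor(data, _stream(self._use(dek, "DEK"), iv, len(data)))
```

Because `unwrap_dek` never has to split its plaintext into a key part and a non-key part, nothing that was enciphered under the KEK ever has to leave the module.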
