As part of some claims based authentication work I've been doing recently, I've come across two very important constraints. They are manageable constraints, but they are things that you need to know about in advance of setting up and configuring your claims infrastructure in SharePoint 2010. The big items to be aware of:
** UPDATE **
There has been some scripts that have shown in some cases they can seemingly update the list of claim mappings associated with the SPTrustedIdentityTokenIssuer after the fact. After discussing with some folks on the claims test team, the advice is to not use those - you should consider the claim mappings immutable with the RTM release of the product. That may change in the future, but for the RTM release this is how we're going to address it.
So, these are important constraints to be aware of, but they can definitely be managed without too much fuss as long as you are aware of them up front.