The biggest problem I run into with webhook-based systems is that getting security exemptions to make them work is painful in some environments that we deploy into.
People are less paranoid about you making an outbound GET than being open to handle an incoming POST.