OAuth uses the Authentication header, not cookies, so it's not vulnerable to CSRF attacks. Requiring extra token lookup requests from apps using OAuth is unnecessary extra complexity.
I'm inclined to decline this: requiring the CSRF tokens doesn't hurt anything besides an extra round-trip once to fetch the token and a few bytes to send it, and it's likely to be much more complex to sometimes require them and sometimes not than it is to just always require them.
I also note that clients that support both OAuth and non-OAuth authentication (e.g. anything that wants to support non-WMF wikis too) will have to already have to have the code for handling the tokens, so it's not even likely to save them anything.
: Specifically, much more complex in the code that actually checks that the token is valid. And unnecessary complexity in security code is generally considered bad.