Ports 0-1024 are protected. Only root can use them.
To address the question, yes, there are reasons to not run Splunk as root. Company policy may prohibit it. Security best practices say only system processes should run as root. Any program running as root may have a weakness that can be exploited to give an outsider a way into your system. That said, some things (like opening port 514) can only be done by root.
Ports 0-1024 are protected. Only root can use them.
To address the question, yes, there are reasons to not run Splunk as root. Company policy may prohibit it. Security best practices say only system processes should run as root. Any program running as root may have a weakness that can be exploited to give an outsider a way into your system. That said, some things (like opening port 514) can only be done by root.
If you have to receive data on 514, consider setting up an iptables entry for 514 to reroute it to a local port >1024 and have non-root Splunk listen to that.
There have been a couple previous questions here on Answer that address this topic such as this post: http://answers.splunk.com/answers/145385/should-we-run-splunk-as-root-or-non-root-user.html
Pretty much the same security issue and best practice that @richgalloway points out.