I have not seen any document, but my understanding is that FR and ATM networks do not have broadcast capability which is an inherent security feature. Sites can communicte only if a VC is configured between them. In metro ethernet, broadcasting is possible and the providers have to implement security to islolate customers by configuring some feature. Since the customers may not trust the level of security provided by the providers, they may choose to run IPSec over this type of access.