If I want to reference something in the .NET Framework for use in my CLR stored proc, for example, I have to first load it into the SQL Server database.

Why isn't it preinstalled? Is it performance related or for security issues or what else?

thanks.

A: 

I'd imagine it's for security reasons as not installing it by default reduces the attack surface available to any hackers.

Doogal
A: 

Probably because it is an optional feature that isn't used that much. Yet.

Rune Grimstad
+2  A: 

It's off by default because it's increased attack surface area and won't be needed in many places. Lots of other SQL Server stuff has to be enabled specifically too.

Some fairly basic stuff can be off by default: KB 914277 for "remote access"

Secondary to this, it won't be allowed in many shops, which leads me to my cheeky answer: "because developers might use it". Using CLR in a relational engine has benefits: custom datatypes, custom aggregates etc, but it will be abused because it's easier to write C# rather than T-SQL for many folk.

gbn
+1  A: 

SQL Server 2000 came with everything turned on. After the Slammer worm, Microsoft learned their lesson, and on SQL Server 2005 and up all the things that were enabled, like xp_cmdshell, openrowset, etc., are turned off by default to reduce the attack surface. CLR is also turned off for the same reason.

SQLMenace
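
The off-by-default features named in the answers above can be audited on a given instance with a read-only check like the following. This is an added example, not code from any of the answerers; it assumes SQL Server 2005 or later and covers only `clr enabled`, `xp_cmdshell` and `Ad Hoc Distributed Queries` (the option that gates ad hoc `OPENROWSET`).

```sql
-- Added example: report the state of the surface-area options discussed above.
-- "configured" is what sp_configure has stored; "running" is what the engine
-- is actually using. They differ when a change has not been applied yet.
SELECT  c.name,
        CAST(c.value        AS int) AS configured_value,
        CAST(c.value_in_use AS int) AS running_value,
        CASE
            WHEN CAST(c.value_in_use AS int) = 1
                THEN 'ENABLED: confirm it is actually needed'
            WHEN CAST(c.value AS int) = 1
                THEN 'PENDING: becomes active on RECONFIGURE'
            ELSE 'off (default)'
        END AS status
FROM    sys.configurations AS c
WHERE   c.name IN (N'clr enabled',
                   N'xp_cmdshell',
                   N'Ad Hoc Distributed Queries')
ORDER BY c.name;

-- Assemblies that have been loaded into the current database, with the
-- permission set each was created under. Least restrictive sorts first
-- so the ones that most deserve review are at the top.
SELECT  a.name,
        a.permission_set_desc,
        a.create_date
FROM    sys.assemblies AS a
WHERE   a.is_user_defined = 1
ORDER BY CASE a.permission_set_desc
             WHEN 'UNSAFE_ACCESS'   THEN 0
             WHEN 'EXTERNAL_ACCESS' THEN 1
             ELSE 2                      -- SAFE_ACCESS
         END,
         a.name;
```

The second query is per database, so run it in each database where CLR objects may have been deployed.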