Ah ok, I think I get it now.

I was confused because if a MAC is included in the ciphertext or not, the padding still needs to be checked first.

But the point is that in this model of authenticated encryption, it's a weakness if you first have to decrypt before authenticating. Knowing the ciphertext is authentic before decryption is clearly superior.

Thanks!