I'm not sure what the specific issue with regards to Horizon is, however, if I had to guess I'd say that the most likely scenario is scale. Since the ESG load balancer can only do SNAT to a single IP address and there are only about 16,000 ephemeral ports to use for client sessions, one wouldn't be able to reach the published maximum of 20,000 active connections per pod in that scenario because you'd run out of ports to SNAT sessions to.
The only other potential issue might be some sort of reliance on seeing the real source IP, however, I expect that if that were the case they'd just call one-armed mode unsupported.