
The same question was asked of Stuxnet; the answer is probably boring: state-sponsored malware authors are not like demo scene writers and do not care if their code is particularly elegant. They probably care more that it's J2EE-style maintainable.


And IMO (coming from a demoscener who's dabbled in malware dev for fun), they made the right choice. Sure, you pack Flame down and cut out everything non-essential, and you get it down to 64k. Good luck trying to add a new exploit later, once your target has adapted to your old ways. The goal of Flame and Stuxnet is not to be elegant or small or academically interesting (though I believe they are). The goal is to deliver a payload to their target in the most consistent way; they seem to be pretty damn dead on in hitting that goal.


Software that appears to be packed/obfuscated throws up red flags.

Rather than attempting to look like some badass in leather, Flame/Stuxnet dresses in a cheap, ill-fitting suit with a bad Microsoft tie so no one will suspect it.



