But the biggest addition is certainly a full featured implementation of the Hawk authentication scheme (spec).
Hawk is a shared secret authentication method where the actual secret is not transmitted on the wire. Instead the secret is used to sign parts of (or the full) HTTP request. The recipient can validate the signature and thus make sure the sender knows the secret key. It also has some replay and integrity protection features when using unsecured transports (though I personally would not recommend to using it as a replacement for SSL).