Stateful session beans in transactions can't be passivated and shouldn't have passivation requirements either, like request scope.
Stateful beans can be any scope. They are the Bertie Bott's Every Flavor Beans of EJB. It's too big of a brush to say that passivation is always required. That's the part we need to fix.
Stateful session beans that do passivate are pretty rare. They should be assumed to be @NormalScope unless otherwise specified.
The user should be able to say if they want passivation validation on their stateful bean and dependencies.
We should at a minimum change the related language of the spec to be "For every bean which declares a passivating scope, and for every stateful session bean **that requires passivation**, " and discuss how to determine that an SFSB requires passivation.
From the EJB perspective this has always been a container detail, but we could have a rule in CDI that states the checks are not enforced unless the bean class explicitly implements java.io.Serializable. Alternatively we could make a generic @PassivationScoped annotation for other architectures that have flexible scopes and support passivation concepts.