We're going to be moving to using DEP soon in my environment, previously iPads were not supervised due to having to use configurator, but now that there is the ability to do it via DEP, I was wanting to revisit the idea.
Are there any major negatives to supervising devices with DEP?
I would say there are too many reasons not to go to the DEP model. The main reasons being the inability for a user to remove profiles and the inability for a user to refresh the device and walk away with it.
The downside from what I see is the idea of sharing an Apple ID. Cart based we are still Configurator based but looking into going DEP on those as well. For 1:1's there is no reason not to be using DEP.
We get around the passcode issue by requiring the pass codes be the same as part of their common log in. That way teachers and admins can get in the device as needed.
The DEP model is the future of deployment. Personal opinion here: There are no reasons to not go DEP!
DEP is the answer to getting rid of configurator for 1:1 devices, I honestly can't think of any reason why not to do it. The issue you mentioned above @St0rMl0rD really is a non-factor in our environment of about 5000 iPads, I suspect it will not be an impediment to your environment also. We do it maybe a half dozen times a year... Maybe. The work-around is well documented in the community and the positives of DEP are just too great to not do it.
Supervision is something you should do with your institutionally owned devices, so you are prepared to implement configurations that wouldn't otherwise be possible. For example, sometimes students need a more locked down profile for discipline reasons - I can disable iMessage. Teachers are able to utilize Casper Focus, and for SBAC I was able to implement Autonomous Single App Mode - which made my life much easier this year. If you have not seen it, search the iPhoneConfigurationProfileRef.pdf document for "Supervised Only".
I have not experienced any downsides to Supervision.
I have not experienced downsides to DEP except what was mentioned above. Since I force pre-stage enrollment but do not require LDAP authentication, I even had an iPad calling home and enrolling after it being stolen. I make sure not to disable them in these instances so I can capture an IP address to feed to the police.