In Firewall Mode, why do the NICs have to be in different subnets?


This article applies to:

  • R3000

Question:

  • In Firewall Mode, why do both Ethernet interfaces need to be in different subnets?

Reply

The main reason is that when both NICs are in the same subnet, the kernel has two equally specific connected routes covering the gateway address, so it can use either interface as the system's default gateway interface. In practice the kernel picks the same interface on every boot, but the upgrade to version 2.2.00.11 changes that choice: where the kernel previously used LAN2 as the default interface, it will now use LAN1 (if both NICs are in the same subnet).

Although NOT advisable, you might be able to work around this issue by configuring each interface with a longer (more specific) subnet mask, so that from the R3000's perspective the NICs are technically in different subnets. You must then add static routes covering any address space that the R3000 now considers to be outside its connected subnets, because the rest of the network still treats the R3000 as being in the original, larger subnet.
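The following is an added illustration of the reasoning above; it is not code from the R3000 or from Trustwave. It models the kernel's longest-prefix-match selection of the default gateway's outbound interface with Python's standard ipaddress module, using constructed addresses (the article names none): a gateway at 10.0.0.1 on a network that everyone else believes is 10.0.0.0/24. With both NICs in that /24 the lookup ties, which is why the kernel is free to pick LAN1 or LAN2. Splitting the masks to /25 and /26 resolves the tie, but leaves a hole (10.0.0.128/26) that the appliance would otherwise send to the default gateway instead of delivering directly, which is the address space the static routes must cover.

```python
import ipaddress

# Constructed example addressing (not from the article).
GATEWAY = "10.0.0.1"
REAL_LAN = "10.0.0.0/24"  # what the rest of the network believes the subnet is
SAME_SUBNET = {"LAN1": "10.0.0.10/24", "LAN2": "10.0.0.200/24"}
SPLIT_MASKS = {"LAN1": "10.0.0.10/25", "LAN2": "10.0.0.200/26"}


def connected_routes(ifaces):
    """Connected routes the kernel derives from each interface's address/mask."""
    return {name: ipaddress.ip_interface(addr).network for name, addr in ifaces.items()}


def candidate_ifaces(ifaces, dst):
    """Longest-prefix match of dst over the connected routes.

    Returns every interface whose route is equally specific. More than one
    name means the kernel has nothing to break the tie with and may pick
    either; an empty list means dst is not directly connected at all.
    """
    dst_addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, name)
               for name, net in connected_routes(ifaces).items() if dst_addr in net]
    if not matches:
        return []
    best = max(plen for plen, _ in matches)
    return sorted(name for plen, name in matches if plen == best)


def needed_static_routes(ifaces, real_lan):
    """Address space of real_lan that no connected route covers any more.

    Each network returned is one the appliance now believes lives behind
    the default gateway although the rest of the LAN expects it to be
    directly reachable; each needs a static route.
    """
    remaining = [ipaddress.ip_network(real_lan)]
    for net in connected_routes(ifaces).values():
        still_uncovered = []
        for chunk in remaining:
            if net.subnet_of(chunk):
                # Carve the connected subnet out of this chunk.
                still_uncovered.extend(chunk.address_exclude(net))
            elif chunk.subnet_of(net):
                pass  # chunk is fully covered by the connected route
            else:
                still_uncovered.append(chunk)
        remaining = still_uncovered
    return sorted(remaining)


if __name__ == "__main__":
    for label, cfg in (("same /24 on both NICs", SAME_SUBNET),
                       ("split masks /25 + /26", SPLIT_MASKS)):
        print(f"{label}:")
        print("  default gateway interface candidates:", candidate_ifaces(cfg, GATEWAY))
        print("  static routes still required:",
              [str(n) for n in needed_static_routes(cfg, REAL_LAN)])
```

Run it and the first configuration reports two candidates for the gateway interface (the tie the article describes), while the second reports LAN1 alone but also 10.0.0.128/26 as address space that now needs a static route. Which interface or next hop that route should use depends on the physical layout, so the example only identifies the hole rather than guessing the route.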

 


Last Modified 8/4/2009.
https://support.trustwave.com/kb/KnowledgebaseArticle12898.aspx