I don't think drop or discard should cause TMM to send a TCP reset immediately--just remove the connection table entry. TMM should send a reset in response to the next packet the client or server sends on the connection. That next packet could be a long way out. So intermediate hosts in the chain between the client and TMM might have the connection open unnecessarily long. Also, if you use drop, the client will generally time out after an idle timeout rather than knowing immediately that the connection is invalid. The only time I think it makes sense to drop a packet is if you're trying to avoid telling a malicious client that their connection is invalid. And like you say, George, if you've already had TMM accept the TCP connection, a malicious client already knows the service is answering.
tl;dr: just use reject if you're blocking an HTTP request or TCP connection on an LTM VS with a TCP profile.
Aaron