The problem with this approach is that most forums already exist and have members before VaultWiki is installed and there is no opt-in to VaultWiki emails during registration (even if there was, it would not help users who registered before installation). Thus, many users' wiki preferences are NULL. In such cases, the board default is assumed as the user preference, with the board default usually being "Always Subscribe". Thus, when a user edits a wiki page and is automatically subscribed, it would be possible for the user to be subscribed via their edit without ever knowing that this might happen and without ever opting in to that list -- unless the opt-in is provided on the edit page, which is the current behavior. This satisfies the CAN-SPAM requirement.
Otherwise, it would be necessary to force all user logins to a "New notification preferences have been added; please verify your selections" page immediately after installing VaultWiki. I believe this is the approach Facebook uses, as I think I have had this happen to me there. I know it has happened to me at banking websites. However, I would be wary to use Facebook as a model for many things. They tend to get sued and have paid fines in the past for various infractions.
In XenForo's default design, it does not even present an opt-in to automatic email notifications of watched content on the registration page. It does not explicitly notify the user that this will happen, nor does it ever suggest during the registration/confirmation process that the user should check out their notification preferences on X page. There is an admin setting to prevent this from occurring, but engagement is dramatically reduced as a result. However, like VaultWiki does for edits, XenForo shows the Watched Content options when replying to any thread, satisfying CAN-SPAM (although the option only appears under More Options). Thus VaultWiki's implementation is consistent with the XenForo implementation.
As a side note, I do not consider Quick Reply safe for deployment in the United States if automatic watching is enabled in Options > User Registration. All sites to whom CAN-SPAM would apply should have the email and watch-related User Registration options disabled (bad for engagement, but legal).
The only thing we might be able to do about the setting is maybe make it take up less vertical space, by collapsing the options by default (still showing the auto-subscribe state while collapsed).