Key exchange, plus the fact that the key is the same size of the message, and can only be used once. This means that securely exchanging keys is as hard as securely exchanging the message itself -- if you had a way to exchange the keys, you might as well exchange the message itself and be done with it.
Nothing's wrong with one time pads. They're as good as they've ever been, which is to say: completely impractical for use on the internet and almost all other computing applications.
My understanding of OTP's implies that these must be used only once. As such they offer the same PFS as all the schemes I know of. PFS does not guarantee the secrecy of a specific message. It does guarantee that if you are able to crack one message you can't use the key to crack others. Therefore if you use an OTP only once it gives you the same guarantees.
