Some questions for discussion:
Instead of creating a tag directly off the trunk, maybe we should first create a branch for the release and increment the trunk to the next version? Then the tag would be created from the branch, and if problems are found in the tag, the tag is deleted, and the bugs are fixed in the branch. The maven release plugin is not currently set up to do branches, but this is something that could probably be added pretty easily.
Instead of having QA test the actual release, maybe they can test the release candidate version, and if everything is fine, then we just rename the release candidate and do some verification that the bits are the same.
For any reasonably stable project I already expect there to be a branch. The issue with incrementing either the branch or trunk to the next version exists for either strategy as both end up with a codebase that does not match the tag as soon as another change is made. The http://maven.apache.org/plugins/maven-release-plugin/examples/prepare-release.html docs say that existing poms are updated though:
Bump the version in the POMs to a new value y-SNAPSHOT (these values will also be prompted for)
If that is the case whether or not a branch is used is just a function of the project maturity/policy. If there is not already a branch its not helping much to create one.