Also I found out that in my case most of the build time (and the afterwards occuring "validation" phase) is spend with getting the xsds for the spring (and spring security/ integration) xml files. It seems as if STS requests the xsds from the web instead of using the ones inside the according jar files.
Also how did you verify that STS "requests the xsds from the web ..."? Do you have some stacktraces or other evidence? In my tests, STS always uses the known XSDs from the Eclipse XML catalog.