Because the security team doesn't choose the defaults. They have some input, but other teams also have input and will cause settings to be enabled that have negative security consequences. E.g. "tell Apple everytime you connect to a wifi network to check for captive portals".
Because the security team's goal is MacOS as a whole, and not your individual computer. So they have an incentive to enable things like automatic bug reports that harm your personal security but contribute to the overall security (not to mention usability) of the MacOS ecosystem.
Because the security team's goal is MacOS as a whole, and not your individual computer. So they have an incentive to enable things like automatic bug reports that harm your personal security but contribute to the overall security (not to mention usability) of the MacOS ecosystem.