The real reason is: I don't gain any security from signing my own commits; I gain security when other people sign their commits, which they are currently not doing.
Therefore, making things easier to set up makes a greater contribution to security than strict, gold-standard security features that nobody adopts.