Why .profile and .bash_profile have non-owner R permissions?

On the Linux systems I've seen the files .profile and .bash_profile in ~ have permissions -rw-r--r--. People seem to put various env vars into these files quite often, including smth like AWS keys, etc. Those non-owner R bits don't make these files widely readable, because home directories themselves prevent that by having drwx------. Which makes sense. HOWEVER. Doesn't this increase the potential attack surface? What's the reason for having those R bits on by default across many Linux distributions? Any specific use-cases valid today? Btw, .bash_history has -rw-------. So it looks more private than the files in subject. Not clear why.