Probably for the same reason that people use cut&pasted code snippets from random sites to generate self-signed certs.
I.e. nobody freaking understands how this certificate crap works. Microsoft has a set of tools for cryptographic operations that hasn't changed much since late 90-s and probably only a few engineers in Microsoft know how they work. Coincidentally, these tools prefer CABs for file containers.