Because the ability to write to a directory in a user's PATH makes it easy to trick this user into running arbitrary code. And /usr/local is a particularly poor choice for package management in a system like OS X without a "universal" package manager, because lots of prepackaged, precompiled third-party software already uses it. It's also not a particularly good idea to put your package manager's paths ahead of the system paths in PATH unless you want shell scripts to mysteriously break when some package pulls in an unanticipated dependency that includes newer, older, or different tools by the same name as system utilities (two examples that come to mind are HEAD from libwww-perl on a case-insensitive filesystem and xattr from the Python module of the same name; also GNU foo where the OS ships some GNU-incompatible version of foo). Instead, create another directory to hold symlinks for the few utilities you want to override system defaults (on my own systems, these include python, emacs, and git).