This is to prevent users from creating passwords they cannot remember. It could very well be true that having a streamlined password recovery system (weak to social engineering) is less secure than having easy-to-remember easy-to-guess passwords.