It’s ultimately a decision made nearly 14 years ago (SONAR-1467), so I probably can’t get down to an exact “why” – but at least back then, it was rare for hidden files to be code that you cared about.
However, I don’t think it’s safe for us to assume we should now analyze all hidden files, so we have to figure out the right solution.