Using one main set of CSS files which are then modified for each theme by changing the variables is also a strategy to avoid the ecosystem of badness. It also helps to keep maintenance to a minimum, since it avoids needing to maintain a separate set of CSS files for every theme.
Of course, since this is Free Software it's possible to easily remove the sanitization step from the code. But doing that probably means needing to fork the codebase, and this then makes bad actors easier to expose. For instance, you might see a fork with a single commit removing a few lines, and you'll then know that sites using that repo might be up to no good.