Hacker News
by Sintendo 3473 days ago
Why does Xen need x86 emulation code anyway?
3 comments

There are some instructions that are not privileged but may leak information about the host environment to the VM. Such instructions are referred to as sensitive instructions. To prevent sensitive instructions from being misused inside the VM, they are emulated.

Another explanation is that some older x86 processors may not have full hardware virtualization support, so Xen emulates the instructions to support a wider number of host configurations.

I may be completely wrong though.

The x86 instruction set wasn't designed with hardware virtualisation in mind. Some of its instructions are defined to leak state from higher privileged levels into lower privileged levels. As a hypervisor, Xen must preserve these semantics. One way to achieve this is to trap all possible leaks and emulate the leak in the hypervisor. This is what Xen tried and failed to implement correctly.

Another possible solution to similar problems is to complicate the CPU even further and have it virtualise the corner cases in hardware or microcode.

To run x86 code on non-x86 machines would be my first guess. But I know nothing.

I thought so too at first, but I'd expect non-x86 host systems running x86 guests to be vulnerable if that were the case. The advisory seems to indicate otherwise.

Anyway, I've done some digging and found an explanation here: https://insinuator.net/2015/02/the-dangers-of-x86-emulation-...

tl;dr: it falls back to emulation for very specific cases that cannot be handled by hardware-assisted virtualization
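Added example (editor's code, not from any commenter or from Xen): the two comments above describe unprivileged instructions whose results reveal host state and therefore have to be intercepted and emulated by the hypervisor. The simplest instruction of that kind to observe from user space is CPUID: it needs no privilege, yet under hardware-assisted virtualization every execution exits to the hypervisor, which then decides what the guest gets back. The program below reads the hypervisor-present bit (CPUID leaf 1, ECX bit 31) and the 12-byte vendor string in leaf 0x40000000, both of which only exist because the hypervisor emulated the instruction. It assumes a GCC/Clang build on x86 (the `<cpuid.h>` helpers); on other architectures the hardware read is compiled out and the decoding helpers still work on constructed register values. Note that CPUID is the well-behaved case the hardware always traps, unlike the corner cases the linked article is about.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>          /* GCC/Clang helper macros: __cpuid_count */
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0        /* assumption: non-x86 build, no hardware read */
#endif

/* Registers returned by one CPUID leaf. In the test these are constructed. */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* CPUID.1:ECX bit 31 is reserved-as-zero on bare metal; a hypervisor
 * emulating CPUID sets it to announce that the guest is virtualized. */
int hypervisor_present_bit(const struct cpuid_regs *leaf1)
{
    return (leaf1->ecx >> 31) & 1u;
}

/* Leaf 0x40000000 (hypervisor range): EBX:ECX:EDX carry a 12-byte vendor
 * string such as "KVMKVMKVM" or "XenVMMXenVMM". Copies it into out[13]. */
void hypervisor_vendor(const struct cpuid_regs *hv0, char out[13])
{
    memcpy(out + 0, &hv0->ebx, 4);
    memcpy(out + 4, &hv0->ecx, 4);
    memcpy(out + 8, &hv0->edx, 4);
    out[12] = '\0';
}

/* Execute CPUID on the current CPU. Returns 0 when not built for x86.
 * Under a hypervisor this unprivileged instruction VM-exits and the
 * hypervisor supplies the register values the guest observes. */
int read_cpuid(uint32_t leaf, uint32_t subleaf, struct cpuid_regs *out)
{
#if HAVE_CPUID
    uint32_t a, b, c, d;
    __cpuid_count(leaf, subleaf, a, b, c, d);
    out->eax = a; out->ebx = b; out->ecx = c; out->edx = d;
    return 1;
#else
    (void)leaf; (void)subleaf; (void)out;
    return 0;
#endif
}

int main(void)
{
    struct cpuid_regs r;
    if (!read_cpuid(1, 0, &r)) {
        puts("CPUID not available in this build");
        return 0;
    }
    printf("hypervisor-present bit: %d\n", hypervisor_present_bit(&r));
    if (hypervisor_present_bit(&r) && read_cpuid(0x40000000u, 0, &r)) {
        char vendor[13];
        hypervisor_vendor(&r, vendor);
        printf("hypervisor vendor leaf: \"%s\" (max hv leaf 0x%08x)\n",
               vendor, r.eax);
    }
    return 0;
}
```

Run it once on bare metal and once inside a guest: the same unprivileged instruction returns different answers, and the difference is entirely the hypervisor's emulation. That is the property the commenters describe; the hard part for Xen is the instructions where the hardware does not trap on its own.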