by rapala 3271 days ago
It's off-topic, but I just have to ask. Why? Why would local copies be disallowed?
2 comments

I guess it's a (perhaps debatable) security argument. If I leave my unlocked laptop unattended (but not connected to the VPN) in a public space, for example, then it makes it harder for a third party to steal that code. I'm sure you'll find one thousand counterexamples where it wouldn't help, but no policy is perfect.

But a more practical reason is that some legacy software is designed to be run on these company servers, it expects certain things to be at particular places, so you need to work on them. Again, this is not ideal (and we try to change that little by little when possible), but that's how it is right now.

To prevent someone from copying it all onto a laptop and selling it, for example.
That's completely ridiculous (and, unfortunately, also completely plausible with companies) - see the so-called "analog hole" (or in this case even digital - if it hits the browser as textual content).
There is still a big difference in terms of attack surface between a complete repo cloned in /home/$USER and some transient partial information that is gone (in theory) once you close the application/browser, so I don't see why it's completely ridiculous.
Everything is relative; making it a bit harder may be worth it to some people, and also maybe more detectable. But it's always possible, of course.
I doubt the code is that valuable, but if you don't trust your employees to not do that (seriously, nearly every other company trusts their engineers at least that much), then why did you hire them in the first place?
Do you mean "trust" as in trusting they don't have malicious intent, or trusting they won't be lazy or distracted sometimes? In this case I don't think it's the former, since nothing technically prevents an employee from cloning the repos and running away to a competitor. I think it's part of good security "hygiene" that helps protect you from yourself.