How so? By shortening the link, you're hiding where the link goes to. bit.ly/12345 could go to amazon.com or big-scam-with-a-virus.com, and until you click on it you'd never know.
With bit.ly specifically, add a "+" at the end of the url to see what it points to. It also shows you some stats like creation date and number of clicks over time.
It's useful to know the domain of the link before you click because some people might not want to navigate to unknown sites at work, or at least don't want to navigate to certain sites at work (Facebook, Instagram, YouTube, pornhub, etc, etc.)
You don't need a link shortening service for that. The website and API can just start changing the URL it includes in the tweet if it determines the original URL is a scam.
They can redirect you anywhere. They can also rewrite anything in the URL, like add affiliate IDs or whatever. I'm sure some of them do that, because why not.
That's a decent point about email, but there is nothing they're doing on the website that couldn't be done without a link shortener. And even within the context of email it doesn't really make sense, because email clients can just do the same thing without rewriting the URL.
Every time a link is clicked, send an event to the server with the URL so that it can be tracked. If the URL is already known to be malicious when the page is generated, either don't include the URL or use javascript to intercept the click event and display the interstitial. If links need to be checked for validity at the moment the user clicks them, then just wait for the 200 response and do the same thing, the performance would be identical either way.
TL;DR: clicking on their shortener can trigger just-in-time malware scan; they can retroactively block links already sent to people; they can strip away the Referer; they can inject their own analytics.
That sounds like the same authoritarian justification for hiding URLs in browsers and such --- "we'll tell you if it's safe, you don't need to know"...
It's not like you can't see the original URL and manually skip the redirect if you wanted to. It's just that most users won't do that which limits the ROI of spam and phishing campaigns.
Ah yes, I remember when Tinyurl first came into play - people were extremely hesitant to click anything behind one because so often it was a goatse.