The reason is security. Like for some new wifi routers, you can't connect directly to it. This approach clearly has the downsides you mentioned but also makes it harder for hackers to mess with your thermostat.
That is a stupid reason. Put your smart devices behind a Tor Hidden Service, so that they're basically invisible to anyone but you, but still accessible from everywhere. Generate a keypair for every device you want to allow access from and you're safe from most credible threats.
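Added example, not part of either comment above: a sketch of the per-device keypair step, assuming the second comment means Tor v3 onion service client authorization. The function names, device names and onion address are illustrative assumptions; the file formats follow Tor's client-authorization layout (`authorized_clients/*.auth` on the service, `*.auth_private` on the client).

```python
import base64
import os

P = 2**255 - 19                      # Curve25519 field prime
BASE = (9).to_bytes(32, "little")    # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519. Python ints are not constant-time: illustration only."""
    kb = bytearray(k)
    kb[0] &= 248; kb[31] &= 127; kb[31] |= 64          # clamp the scalar
    n = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):                        # Montgomery ladder
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def b32(raw: bytes) -> str:
    """Unpadded base32, the encoding Tor uses for client-auth keys."""
    return base64.b32encode(raw).decode().rstrip("=")

def client_auth_files(device: str, onion_addr: str, priv: bytes = None) -> dict:
    """Return {relative path: file content} for one authorized device."""
    priv = priv or os.urandom(32)
    pub = x25519(priv, BASE)
    return {
        # goes on the thermostat side, under <HiddenServiceDir>/
        f"authorized_clients/{device}.auth": f"descriptor:x25519:{b32(pub)}",
        # goes on the device, in the directory named by ClientOnionAuthDir
        f"{device}.auth_private": f"{onion_addr}:descriptor:x25519:{b32(priv)}",
    }

if __name__ == "__main__":
    ONION = "a" * 56   # constructed placeholder, not a real onion address
    for dev in ("phone", "laptop"):
        for path, line in client_auth_files(dev, ONION).items():
            print(path, "->", line)
```

Removing one device's `.auth` file from the service and reloading Tor revokes that device without touching the others, which is the practical benefit of one keypair per device.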